Hello everyone. In this thread, we are going to solve ToolsRus from TryHackMe (THM). In the process, we are going to use tools such as Nikto, Dirb, Nmap and Meterpreter. Let's cut to the chase.
First, we perform a scan via the tool named Dirb.
After our scan is over, we evaluate the results. They show us that the guidelines page is open. We successfully answer the first question with this simple scan.
We arrive at the page.
It asks us some questions. If you are careful enough, you can see that the word 'bob' is written in bold. This might be a sign. We assume that this is somehow linked with the second question and try the answer bob for the second question. Here we go! It is the correct answer! Let's keep going.
The scan that we performed with the Dirb tool also found a protected path. When we open this page, we are greeted with a login screen. The third question asks about this, so our answer is protected.
Now we will run the hydra tool against the target IP. For this, we download a premade wordlist to our desktop from any search engine. We have to find this wordlist with the search parameter 'rockyou'. This is a wordlist published for hydra. With that simple step done, we run hydra, giving it the wordlist file path, the IP address, and http-get plus the protected path. We now have the login and password. We have also found the answer to our fourth question. Our answer is bubbles. Now we can keep moving.
Now we perform an nmap scan against the target IP. The scan reveals the open ports. The fifth question asks which TCP port, as a number, is open. Our answer is 1234.
We had already reached the answer to our 6th question in the nmap scan: Apache Tomcat/7.0.88
Now we perform a scan with our nikto tool.
Our command:
Code:
nikto -h http://<machine IP>:1234/manager/html -id bob:<bob password>
In the 7th question, we are asked about how many OSVDB are The answer is 5.
The answer to our 8th question can be found with an Nmap scan.
Our answer is: Apache/2.4.18
The 9th question's answer is 1.1
We visit the site. We already found our login and password via hydra, so we log in and view the Tomcat web main page.
We start the penetration test with our Metasploit tool. Once the msfconsole command has started, we run search tomcat and start a scan.
We run the use 17 command. Next, we run the show options command and inspect the results. After that, we run the following commands in order:
Code:
set HttpPassword bubbles
set HttpUsername bob
set Rhost <machine IP>
set Rport 1234
And again we run 'show options'.
Our settings have been applied successfully. We use the run command and reach the flag.
Via the cat command, we read the flag file. Once we have captured our flag, the machine is solved.
See you in another CTF!
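
From the defender's side, the hydra step against the protected path appears in the web server's access log as a burst of 401 responses from one client, followed by a 200 once a password matches. The following is an added example, not part of the original post: it flags that pattern in Apache combined-format log lines. The `/protected` prefix, the threshold of 5, and all sample log lines (IPs, timestamps, the user alice) are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: client, user, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def detect_basic_auth_bruteforce(lines, path_prefix="/protected", threshold=5):
    """Return one finding per client IP with >= threshold 401s on path_prefix.

    'compromised_user' is set when a 200 follows the failures, meaning the
    guessing probably succeeded and that credential should be rotated.
    """
    failures = defaultdict(int)
    success_user = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(path_prefix):
            continue  # unparsable line or a path we are not watching
        ip, status = m["ip"], m["status"]
        if status == "401":
            failures[ip] += 1
        elif status == "200" and failures[ip] >= threshold and ip not in success_user:
            success_user[ip] = m["user"]
    return [
        {"ip": ip, "failed": n, "compromised_user": success_user.get(ip)}
        for ip, n in sorted(failures.items()) if n >= threshold
    ]

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE = [
    f'198.51.100.7 - bob [01/Jan/2024:10:00:{s:02d} +0000] "GET /protected HTTP/1.1" 401 381'
    for s in range(8)
] + [
    '198.51.100.7 - bob [01/Jan/2024:10:00:09 +0000] "GET /protected HTTP/1.1" 200 512',
    '203.0.113.20 - - [01/Jan/2024:10:01:00 +0000] "GET /protected HTTP/1.1" 401 381',
    '203.0.113.20 - alice [01/Jan/2024:10:01:05 +0000] "GET /protected HTTP/1.1" 200 512',
    '203.0.113.20 - - [01/Jan/2024:10:01:06 +0000] "GET /guidelines HTTP/1.1" 200 51',
]

if __name__ == "__main__":
    for finding in detect_basic_auth_bruteforce(SAMPLE):
        print(finding)
```

A single mistyped password followed by a successful login (the second client in the sample) stays below the threshold and is not reported.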