THM ToolsRus CTF WriteUp

MaliciousX

16 Nov 2019
Hello everyone. In this thread, we are going to solve the ToolsRus room from TryHackMe (THM). Along the way we will use tools such as Nikto, Dirb, Nmap and Meterpreter. Let's get straight to it.

First, we perform a scan with the tool named Dirb.




After our scan is over, we evaluate the results. They show that the guidelines page is open. This simple scan answers the first question.

We arrive at the page.




It asks us some questions. If you look carefully, you can see that the word 'bob' is written in bold. This might be a hint. We assume that it is linked to the second question and try bob as the answer. It is the correct answer! Let's keep going.



The scan that we performed with Dirb also turned up a protected directory. When we open that page, we are greeted with a screen like this. The third question asks about it, so our answer is protected.



Now we use the hydra tool against the target IP. For this, we download a ready-made wordlist to our desktop, which can be found with any search engine using the search term 'rockyou'. It is a wordlist used with hydra. With that done, we run hydra, giving it the wordlist file path, the IP address, and http-get with the protected path. We now have the login and password, which also answers our fourth question. Our answer is bubbles. Now we can keep moving.



Now we perform an nmap scan against the target IP. The scan reveals the open ports. The fifth question asks which TCP port, as a number, is open. Our answer is 1234.

We already found the answer to our 6th question in the nmap scan: Apache Tomcat/7.0.88





Now we perform a scan with our nikto tool.

Our command:
Code:
nikto -h http://<machine IP>:1234/manager/html -id bob:<bob password>

In the 7th question, we are asked about how many OSVDB are The answer is 5.


The answer to our 8th question can be found with an Nmap scan.
Our answer is:
Apache/2.4.18

The 9th question's answer is 1.1



We visit the site. We already found the login and password via hydra, so we log in and view the Tomcat web main page.




We start the penetration test with our Metasploit tool. Once the msfconsole command has started, we run search tomcat.



We run the use 17 command. Next, we run the show options command and inspect the results. After that, we run the following commands in order:

Code:
set HttpPassword bubbles
set HttpUsername bob
set Rhost <machine IP>
set Rport 1234





And again we run 'show options'.



Our settings have been applied successfully. We use the run command and reach the flag.



Via the cat command, we view the flag file. With the flag captured, the machine is solved.




See you in another CTF!
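
Added example, not part of the original post: on the server side, the hydra step in this write-up appears in the web server's access log as a burst of 401 responses for the protected path from a single client, often ending in a 200. The sketch below flags that pattern; the log lines, IP addresses, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache common log format (documentation IPs, not from the post).
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - bob [10/Mar/2024:10:00:{s:02d} +0000] "GET /protected HTTP/1.1" 401 381'
     for s in range(12)]
    + ['203.0.113.7 - bob [10/Mar/2024:10:00:12 +0000] "GET /protected HTTP/1.1" 200 456',
       '198.51.100.4 - alice [10/Mar/2024:10:01:00 +0000] "GET /protected HTTP/1.1" 401 381',
       '198.51.100.4 - alice [10/Mar/2024:10:01:09 +0000] "GET /protected HTTP/1.1" 200 456']
)

LINE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                  r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_bruteforce(log_text, threshold=10, window=timedelta(seconds=60)):
    """Return one alert per (ip, path) with >= threshold 401s inside `window`."""
    recent = defaultdict(deque)   # (ip, path) -> timestamps of recent 401s
    alerts = {}                   # (ip, path) -> alert dict
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        key = (m["ip"], m["path"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "401":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if key in alerts:
                alerts[key]["failures"] += 1
            elif len(q) >= threshold:
                # Apache logs the supplied username even on a 401 (it may be bogus).
                alerts[key] = {"ip": key[0], "path": key[1], "user": m["user"],
                               "failures": len(q), "success_after_burst": False}
        elif m["status"] == "200" and key in alerts:
            # A success right after a burst of failures suggests a guessed password.
            alerts[key]["success_after_burst"] = True
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG):
        print(alert)
```

An alert with success_after_burst set is the case to triage first: rotate that account's password and add rate limiting or lockout on the protected path.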
