Tryhackme

Room link: https://tryhackme.com/r/room/bsidesgtthompson I started with enumeration nmap -oN nmap.txt -Pn -T4 -sC -sV 10.10.188.85 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) 8009/tcp open ajp13 Apache Jserv (Protocol v1.3) 8080/tcp open http Apache Tomcat 8.5.5 I went to the site http://10.10.188.85:8080 I clicked Manager App and it asked me for a login I tried admin:tomcat and tomcat:tomcat but it didn’t let me in, so I pressed cancel button and it displayed some interesting information ...

Room link: https://tryhackme.com/r/room/cyborgt8 We have these questions to answer: Scan the machine, how many ports are open? What service is running on port 22? What service is running on port 80? What is the user.txt flag? What is the root.txt flag? On port 22 is ssh by default, and on port 80 is http, but first let’s check it with a nmap scan - btw, we will then be able to answer question number 1 ...

Room link: https://tryhackme.com/r/room/lazyadmin I’ll start everything by nmap scan, and on background I’ll run gobuster nmap -oN nmap.txt -Pn -T4 -sC -sV -p- 10.10.19.199 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) gobuster dir -o gobuster.txt -u 10.10.19.199 -w /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt =============================================================== Starting gobuster in directory enumeration mode =============================================================== /.hta (Status: 403) [Size: 277] /.htaccess (Status: 403) [Size: 277] /.htpasswd (Status: 403) [Size: 277] /content (Status: 301) [Size: 314] [--> http://10.10.19.199/content/] /index.html (Status: 200) [Size: 11321] /server-status (Status: 403) [Size: 277] Going to the server address, we are shown the default apache site - so we won’t find anything there ...