TryHackMe "Hack Smarter Security" WriteUp
"Hack Smarter Security"
I got the IP of the machine and ran an nmap scan of it.
In the results I quickly saw that FTP was open and anonymous login was enabled, so I logged in, but sadly there was nothing special. I saw that port 80 was open too, so a web server was running, and in the scan I saw "HackSmarterSec", so I added it to /etc/hosts and then visited the web page.
It looked like just a normal HTML page with nothing special, so I looked at the other port, 1311. I didn't have any idea about the server running on it because I just saw Dell mentioned, and this was new to me, but I was not able to visit the page,
so I did a quick search and learned that it was an OMSA login page.
After looking at the version of the server, which was 9.4.0.2, I searched for known vulnerabilities and came across
CVE-2020-5377
and found a path traversal file-read exploit by RhinoSecurityLabs.
Then I read the web config files on the machine and got the user and the password, so I logged in over SSH.
I got user.txt, but unfortunately the user was not an administrator and Defender was also active. I looked around and found that spoofer-scheduler.exe was running as SYSTEM, but I had no clue what to do about it, so I got some help from Tyler's YouTube video.
Because Defender was active, I used Nim, as Tyler said Nim bypasses Defender.
("Thanks to Tyler Ramsbey for guiding me through his video where I got stuck.")
Then I stopped the service, replaced the binary with a reverse shell, started a listener on Linux, and restarted the service.
After adding Tyler to the administrators group, I used RDP to connect to the machine and got the "hacking-targets" file where the organizations' names were written.
And Hack Smarter Security was completely PWNED.
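A defensive check for the weakness used in the privilege-escalation step above, where the executable of a service running as SYSTEM could be replaced from a non-administrator account. This is an added example, not part of the original write-up; the list of trusted principals and the choice of rights to flag are assumptions to adapt to your environment.

```powershell
# Added example: list services whose executable can be modified by
# principals outside an assumed set of trusted accounts.
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Rights that allow altering or replacing the file. The two hex values are
# GENERIC_ALL and GENERIC_WRITE, which can appear unmapped in inherited ACEs.
$fsr  = [System.Security.AccessControl.FileSystemRights]
$mask = [int]($fsr'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership') `
        -bor 0x10000000 -bor 0x40000000

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_

    # PathName may be quoted, unquoted, and may carry arguments.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or
        $svc.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
    } else {
        return   # no usable path; skip this service
    }
    if (-not (Test-Path -LiteralPath $exe)) { return }

    foreach ($ace in (Get-Acl -LiteralPath $exe).Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $who -and
            (([int]$ace.FileSystemRights) -band $mask) -ne 0) {
            [pscustomobject]@{
                Service  = $svc.Name
                RunsAs   = $svc.StartName
                Path     = $exe
                Identity = $who
                Rights   = $ace.FileSystemRights
            }
        }
    }
} | Sort-Object RunsAs, Service | Format-Table -AutoSize
```

Any row where `RunsAs` is `LocalSystem` and `Identity` is an ordinary user or group is a finding. The script covers only the file ACL; the rights to stop and start the service sit in the service's own security descriptor and need a separate review.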