CyberLens
This room was created by Tyler Ramsbey


Enumeration

Don't forget to manually define the IP address associated with the room's hostname.
After a deep scan, we got some information about the ports and services that are running.
Our first stop is port 80, where we found an interesting metadata analyzer. Let's check the source code for more information.
There's an interesting JavaScript function that shows port 61777 is available. It seems that the metadata information goes directly there. Let's look what is the content of
It is an Apache Tika 1.17 server.
This version is vulnerable to header command injection. Let's open Metasploit Framework.

Exploitation

This module exploits a command injection vulnerability in Apache Tika 1.15 - 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic bytes checking. We create a Meterpreter session.
Meterpreter Session
And here is our first flag, under the CyberLens user.
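From the defender's side, the following added example (not part of the original write-up, the room, or Apache Tika) checks a Tika version banner against the 1.15 - 1.17 range named above and triages parsed requests that reach a Tika server. The `X-Tika-OCR` header prefix, the `/meta` path and the sample records are assumptions constructed for illustration.

```python
import re

# Version range named in the module description quoted above.
AFFECTED = ((1, 15), (1, 17))
# Assumption: tika-server accepts per-request OCR settings in X-Tika-OCR* headers.
OCR_HEADER_PREFIX = "x-tika-ocr"
# Characters with no place in an OCR language code or a plain config value.
SUSPICIOUS = re.compile(r'[\s"\'&|;<>^%/\\]')


def affected_version(banner):
    """True if a banner such as 'Apache Tika 1.17' is in the affected range."""
    m = re.search(r"Apache Tika (\d+)\.(\d+)", banner)
    if not m:
        return False
    version = (int(m.group(1)), int(m.group(2)))
    return AFFECTED[0] <= version <= AFFECTED[1]


def triage(request):
    """Return findings for one parsed request: method, path, headers (dict)."""
    headers = {k.lower(): v for k, v in request["headers"].items()}
    findings = []
    ocr = {k: v for k, v in headers.items() if k.startswith(OCR_HEADER_PREFIX)}
    for name, value in sorted(ocr.items()):
        if SUSPICIOUS.search(value):
            findings.append(f"{name}: value is not a plain token")
        else:
            findings.append(f"{name}: client-supplied OCR setting")
    if ocr and headers.get("content-type", "").startswith("image/jp2"):
        findings.append("image/jp2 upload combined with OCR headers")
    return findings


# Constructed sample records, not taken from the room or from real traffic.
SAMPLES = [
    {"method": "PUT", "path": "/meta",
     "headers": {"Content-Type": "image/png", "Accept": "application/json"}},
    {"method": "PUT", "path": "/meta",
     "headers": {"Content-Type": "image/jp2",
                 "X-Tika-OCRLanguage": "<untrusted value>"}},
]

if __name__ == "__main__":
    print(affected_version("Apache Tika 1.17 Server"))
    for sample in SAMPLES:
        print(sample["path"], triage(sample))
```

Any finding on a server in the affected range is a reason to upgrade Tika and to stop exposing its port directly to web clients, as the page's JavaScript does with port 61777.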

Privilege Escalation

For the privilege escalation part, it is possible to use WinPEAS or some other tool. In this case, I'm using the local exploit suggester from Metasploit Framework to check whether it's possible to escalate our privileges.
We run the exploit in our Session 1, and now we are nt authority\system. Let's grab the last flag.













