Tech Support: Hack into the scammer’s under-development website to foil their plans. (THM-ROOM)
System Weakness - Medium systemweakness.com
Room Overview:
- Room Link: Tech Support Room
- Tags: RCE, File Upload, sudo, custom
Reconnaissance:
A meticulous Nmap scan and subsequent Gobuster directory enumeration laid the groundwork. Notable findings included SSH, Apache, and Samba services. Gobuster unearthed intriguing directories, such as “/wordpress” and “/test.”
Nmap Scan Results:
- Port 22/tcp: OpenSSH 7.2p2 Ubuntu 4ubuntu2.10
- Port 80/tcp: Apache httpd 2.4.18 (Ubuntu)
- Port 139/tcp: Samba smbd 3.X — …