all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

THM: Gaining Access to the Library Server

Add to bookmarks
April 13, 2024, 6:12 a.m. | 0xViKi

System Weakness - Medium systemweakness.com

THM Room Link: https://tryhackme.com/r/room/bsidesgtlibrary

Initial Reconnaissance

Nmap Scan:

sudo nmap -sV -sS -A <IP>

Open Ports

  • 22/tcp: OpenSSH 7.2p2 Ubuntu 4ubuntu2.8
  • 80/tcp: Apache httpd 2.4.18 (Ubuntu)

Gobuster:

gobuster dir -u http://<IP>/ -x php,txt -w /usr/share/wordlists/dirb/common.txt -t 50

No interesting directories were discovered, however, I found robots.txt which hints that I need to brute-force attack

Information Gathering

Hints Brute-Force Attack

On Inspection of the website closely, I found a potential username that could be the username for SSH which is open …

thm-writeup

Visit resource

More from systemweakness.com / System Weakness - Medium

Web Pen testing Automation 1 day, 5 hours ago | systemweakness.com
bounties bugs ethical hacking hacking +1
Advance XSS payload List 1 day, 5 hours ago | systemweakness.com
amp bug bounty bug-bounty-tips bugs +11
Static Malware Analysis: Techniques & Challenges 1 day, 5 hours ago | systemweakness.com
analysis challenges code continue +17
Strengthening Cybersecurity: The Essentials of Link Pre-screening Based on Threat Intelligence 1 day, 5 hours ago | systemweakness.com
cloud computing continue cybersecurity information +15
Crack the Code Like Caesar: Build Your Own Secret Message Encrypter! [Python code included] 1 day, 5 hours ago | systemweakness.com
cipher cybersecurity encryption python +1
Hacking Outside of Private Network — Ethical Hacking as a Beginner [10] 1 day, 5 hours ago | systemweakness.com
beginner cybersecurity device devices +12
Enhancing Digital Forensics Capabilities Through Open Source Intelligence Tools in a Home Lab… 1 day, 5 hours ago | systemweakness.com
analysis capabilities collection critical +23
The Future of Programming: A Look at Emerging Languages Shaping Software Development 4 days, 6 hours ago | systemweakness.com
address article changing development +14
Cyber Detectives Unite: Advanced Tools for Web Security 4 days, 6 hours ago | systemweakness.com
bug bounty computer science cybersecurity ethical hacking +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Threat Analysis Engineer

@ Gen | IND - Tamil Nadu, Chennai
View on infosec-jobs.com

Head of Security

@ Hippocratic AI | Palo Alto
View on infosec-jobs.com

IT Security Vulnerability Management Specialist (15.10)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com

Security Engineer - Netskope/Proofpoint

@ Sainsbury's | Coventry, West Midlands, United Kingdom
View on infosec-jobs.com

Journeyman Cybersecurity Analyst

@ ISYS Technologies | Kirtland AFB, NM, United States
View on infosec-jobs.com
View more jobs