Hi everyone, This is Ayush Bagde aka Overide on Try Hack Me and today I am going to take you all to the walkthrough of the machine “Source” which is a beginner friendly machine on Try Hack Me.
I’ll tell you in the shortest way possible to solve this machine. Don’t just get shocked after seeing the way.
Room Link is here.
Let’s Start. First Thing First deploy the machine.
TASK 1 EMBARK
Enumerate and root the box attached to this task. Can you discover the source of the disruption and leverage it to take control?
This virtual machine is also included in the room AttackerKB as part of a guided experience. Additionally, you can download the OVA of Source for offline usage from https://www.darkstar7471.com/resources.html
Let’s Start from The Basic thing.
By doing Nmap we got the following output:
As we can see there are two ports open one is 22 and another open is 10000. We don’t know the username and password for 22 so we cannot go further.
What Now, let’s visit port Number 10000.
I see this and it told me to try visiting url with https. Now let’s visit again with https. URL will be https://<ip address>:10000.
You’ll get a error just go to advance options and proceed to the website. I saw a login page made with webmin. Webmin is a web-based system configuration tool for Unix-like systems. Now we don’t know the credentials again. Now what to do.
So I then thought why not to run Gobuster on this port.
And here is the Output:
After This I was like
Now after This I think alot what should I do
Then I got an idea to use metasploit to see if webmin has any vulnerabilities or not.
And here is the output
I was very happy after that to see vulnerabilities exist. Here be careful we need to use that exploit which doesn’t ask for any credentials.
I used 2 which is exploit/linux/http/webmin_backdoor. Let’s exploit.
We want to set RHOSTS, LHOST and the important thing to set is SSL which is by default is false. If have to make it True to be able to exploit successfully. This is after filling the above information.
Simply type run or exploit.
We got the shell. HOORAY!!!!
But it is unstable let’s make it stable by writing the following command.
python3 -c ‘import pty;pty.spawn(“/bin/bash”)’
Now its party time we got the stable shell.
Now Let’s find the user and root flag. It’ll be in the /root directory of course.
Now let’s read the user flag. Go to /home/dark and cat the user.txt flag.
1. User.txt Flag
2. Root.txt Flag
If you enjoyed reading this follow our publication and you’ll be blessed with more such writeups. Here is our discord link. We’re making India’s biggest hacking community feel free to join.
Till Then BYE!!!