Tryhackme : Daily Bugle

Task 1 : Deploy .

#1 Access the web server, who robbed the bank?

By Accessing the web server you gonna see who robbed the bank Spider-Man .

Task 2 : Obtain user and root .

First , we are going to make a port scan using Nmap scanner.

let’s check directory /robots.txt

and all Directorys

let’s check /administrator/

#1 What is the Joomla version?

let’s check for Joomla version .

Im gonna make script python to check for us Joomla version .

python name_of_file.py

Joomla Version is 3.7.0 .

#2 What is Jonah’s cracked password?

First let’s use joomblah-3 script python to exploit sqli

and we found Jonah hash-password

Now we need to crack hash john --format=bcrypt --wordlist=/usr/share/wordlists/rockyou.txt .

we got the jonah password.

#3 What is the user flag?

Alright so now we can login on joomla CMS with user jonah

I removed all the code from index.php file and inserted the code for a reverse-shell

and we got shell .

On visiting the /home directory i found out that this machine has a user called jjameson

let’s find password jjameson.

and we found it .

We’ll now go to a website called https://gtfobins.github.io/ which allows us to perform binary exploitation to escalate our privileges root with an ease.

and we got root .