Due date
Jan 16, 2024 05:30 AM
Enumerate
What is the name of the large cartoon avatar holding a sniper on the forum?
Agent 47
Gain the foothold
When you've logged in, what page do you get redirected to?
Save the request and use sqlmap to dump the whole database.
In the users table, what is the hashed password?
ab5db915fc9cea6c78df88106c6500c57f2b52901ca6c0c6218f04122c3efd14
What was the username associated with the hashed password?
agent47
What was the other table name?
post
Cracking the password with John
What is the de-hashed password?
videogamer124
We can now log in to the victim machine.
User Flag
Privilege Escalation
| Argument | Description |
| --- | --- |
| -t | Display TCP sockets |
| -u | Display UDP sockets |
| -l | Displays only listening sockets |
| -p | Shows the process using the socket |
| -n | Doesn't resolve service names |
How many TCP sockets are running?
5
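From the connection enumeration above, we can see that port 10000 is in service, but the earlier scan did not find this port, which means it is blocked by a firewall. Take port 10000 on our own host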
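The comparison between locally listening sockets and what the earlier scan saw can be scripted as a host audit. This is an added example, not part of the original write-up; it assumes the listing comes from `ss -tulpn` (the page does not name the tool), and the socket listing and scan result in it are constructed sample data.

```python
# Added example. SS_OUTPUT and SCANNED_OPEN are constructed sample data,
# assumed to resemble `ss -tulpn` output and an external scan result.
SS_OUTPUT = """\
Netid State   Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN  0      0      0.0.0.0:68          0.0.0.0:*
udp   UNCONN  0      0      0.0.0.0:10000       0.0.0.0:*
tcp   LISTEN  0      80     127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN  0      128    0.0.0.0:10000       0.0.0.0:*
tcp   LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN  0      128    [::]:80             [::]:*
tcp   LISTEN  0      128    [::]:22             [::]:*
"""
SCANNED_OPEN = {22, 80}  # ports the external scan reported open (constructed)


def parse_listeners(text):
    """Return (proto, address, port) for every socket line in the listing."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            sockets.append((fields[0], addr.strip("[]"), int(port)))
    return sockets


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def classify(sockets, scanned_open):
    """Split TCP listeners into exposed, filtered and loopback-only ports."""
    tcp = [s for s in sockets if s[0] == "tcp"]
    non_loopback = {p for _, a, p in tcp if not is_loopback(a)}
    result = {"exposed": set(), "filtered": set(), "loopback_only": set()}
    for _, _, port in tcp:
        if port in scanned_open:
            result["exposed"].add(port)
        elif port in non_loopback:
            # Bound to a routable address but unseen by the scan: firewalled.
            result["filtered"].add(port)
        else:
            result["loopback_only"].add(port)
    return result


if __name__ == "__main__":
    print(classify(parse_listeners(SS_OUTPUT), SCANNED_OPEN))
```

Ports in the `filtered` set are hidden from the network but remain reachable by any local user, so services there need the same patching as exposed ones.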
What is the name of the exposed CMS?
webmin
What is the CMS version?
1.580
Search for vulnerabilities that can be exploited in this version of Webmin.
Use Metasploit.
Root flag
a4b945830144bdd71908d12d902adeee
Reference
- Author: ji3g4gp
- Link: https://gpblog.vercel.app//article/Try-Hack-Me-GameZone
- Copyright: This article is licensed under CC BY-NC-SA 4.0; please credit the source when reposting.