\\\\\\ <<< LAZY ADMIN >>> \\\\\\
IT’S A EASY MACHINE IN TRYHACKME YOU HAVE TO GET 2 USER KEYS: — 🤨️
—– ROOT FLAG
1. Started a Nmap scan __= Nmap -A -T4 -p 1-3000 <ip>
Founded two open ports -( ssh. HTTP )
2. Started to go buster and scanned with dir mode with a common txt file __= go buster dir -u HTTP://<ip> -w /usr/share/wordlists/dirb/common.txt
Here we will find many useful directories (found a new login page )
Don’t need to scan further.
3. By going into the browser to that login page we found it is on a sweet rice service.
<<<<Lazy Admin ENUMARATION>>>>
1. Here we know that the service is running on sweet rice and now it’s time to check that there is any exploit is provided in exploit or not.
2. Here we found many exploits we need that backup SQL one. After viewing it we got to know that there is a vulnerability of SQL database in the particular version. After reading it we will found a dir named inc and there we will found a SQL folder check the SQL file and you found the password and user !! The password is hashed we have to decrypt!
1. By entering the user and password in the login screen we found an ads section on the dashboard.
2. It’s time to upload the PHP reverse shellcode in the ads and start natcat shell.
3. Boom we have a shell now. How are you feeling… Here you can access your user.txt flag in-home/guy.
Lazy Admin | Walkthrough | Tryhackme