Kiba
Let's search Google for the answer to the first question.
Scanning
Let's run network scans to find open ports and services.
Enumeration
Let's check the webpage running on port 80.
There is nothing. Let's check port 5044.
Nothing. Let's check port 5601.
We have a Kibana app running. Let's check the version in the Management tab.
Let's search Google for a vulnerability in this version.
Exploitation
Looks like we found it. Let's download the exploit script.
Let's look at the exploit.
Looks like we have options to set. Let's first start a netcat listener.
Now let's run the exploit with the right options.
We have a shell. Let's read the user flag.
Privilege Escalation
The next TryHackMe question talks about capabilities, so let's check how we can see capabilities in Linux.
We can see what this capability is here.
Looks like we can change the UID with the python3 file in the kiba directory. Let's check it out.
Let's run the file and make it change our UID to 0, which is the UID for root.
We are now root. Let's read the root flag.
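From the defender's side, the capability listing that exposed this python3 file can be audited automatically. The following is an added example, not part of the original write-up: it parses `getcap -r /` output in both the older (`path = caps+ep`) and newer (`path caps=ep`) layouts and flags risky grants. The sample lines, their paths and the high-risk list are constructed assumptions.

```python
import os
import re

# Capabilities that let a process change identity or bypass file permissions.
# This selection is the example's own assumption, not a list from the write-up.
HIGH_RISK = {"cap_setuid", "cap_setgid", "cap_sys_admin", "cap_dac_override",
             "cap_dac_read_search", "cap_sys_ptrace", "cap_sys_module"}

# Programs that run arbitrary user code: a capability on one of these is
# effectively granted to every user who can execute it.
INTERPRETER = re.compile(r"^(python|perl|ruby|php|node|lua|bash|sh|gdb|vim?)[\d.]*$")

# Older getcap prints "path = caps+flags"; newer prints "path caps=flags".
LINE = re.compile(r"^(.+?) (?:= )?(cap_[a-z_,]+)([+=])([eip]+)$")

# Constructed sample of `getcap -r /` output mixing both layouts.
SAMPLE = """\
/usr/bin/ping = cap_net_raw+ep
/home/example/tools/python3 = cap_setuid+ep
/usr/bin/gnome-keyring-daemon cap_ipc_lock=ep
/opt/backup/tar cap_dac_read_search=ep
/usr/bin/perl5.30 = cap_setgid+i
"""

def parse_getcap(output):
    """Yield (path, set_of_capabilities, flags) for each parsable line."""
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if m:
            path, caps, _op, flags = m.groups()
            yield path, set(caps.split(",")), flags

def audit(output):
    """Return sorted (severity, path, risky_caps) findings."""
    findings = []
    for path, caps, flags in parse_getcap(output):
        risky = sorted(caps & HIGH_RISK)
        # Inheritable-only grants add nothing unless the caller already
        # holds the capability, so only permitted ("p") grants are reported.
        if not risky or "p" not in flags:
            continue
        is_interp = bool(INTERPRETER.match(os.path.basename(path)))
        findings.append(("critical" if is_interp else "review", path, risky))
    return sorted(findings)

if __name__ == "__main__":
    for severity, path, caps in audit(SAMPLE):
        print(f"{severity:8} {path} {','.join(caps)}")
```

A `critical` finding is removed with `setcap -r <path>` once it is confirmed that nothing legitimate depends on the grant.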