Kiba

Lets search on google for the answer to the first question

Scanning

Lets run network scans to find open ports and services

Enumeration

Lets check the webpage running on port 80

There is nothing. Lets check Port 5044

Nothing. Lets check Port 5601

We have a Kibana app running, lets check the version in the Management tab

Lets look for a vulnerability on this version on Google.

Exploitation

Looks like we found it. Lets download the exploit script.

Lets look at the exploit

Looks like we have options to set, lets first start a netcat listener.

Now lets run the exploit with the right options

We have a shell, lets read the user flag.

Privilege Escalation

The next tryhackme question is talking about capabilities so lets go check how we can see capabilities in Linux.

We can see what this capability is here.

Looks like we can change the UID with the python3 file in the kiba directory, lets check it out.

Lets run the file and make it change our UID to 0 which is the UID for root.

We are now root, lets read the root flag

Last updated