Tony The Tiger

Support Material



Reconnaissance
Lets run nmap scans to find open ports and services




Find Tony's flag
Lets visit the webpage

Reading the blogs, we can read that the photos might have a deeper meaning to them, so lets download the images to our machine and use our steganography
skills to find hidden information in the images.
The first image can be found when we click read more on the second blog

And the next picture can be found on the first blog

We can go to the source code and the get the location of the images so that we can download them to our machine

We get nothing with steghide

Lets use the strings
command

We have the flag
Exploit

Once downloaded, lets unzip this file

Lets now go check out the application running on port 8080

Its called JBoss
. Lets try to login , lets click Administration Console

We do not have credentials so lets go to google and look for default creds and see if they work.

Lets see if these work

And they do , we are logged in. Lets go to Google to look for vulnerabilities for the application.

Lets clone this github repo and use this tool

We have some requirements that we need to download, so lets do that

Lets run the exploit
python jexboss.py 10.10.121.22:8080

We can run command on the machine, lets run a reverse shell script to get a reverse shell on the machine.
Lets first start a Netcat listener

Lets now run the command


We have a shell on the machine, lets stabilize the shell

Looking through the machine, we see this interesting file

We have the password for the user JBoss
, lets switch users

Privilege Escalation
Lets run sudo -l
to see what we can run as other users

Looks like we can run the find
command. Lets go to GTFOBins and find the command to get root on the machine.

Lets run this command

We are root.
The flag for task 6 can be found here

And the final flag here

Its base64 and md5 encoded so you can decode it on your own :)
Last updated
Was this helpful?