Tony The Tiger
Support Material
Reconnaissance
Lets run nmap scans to find open ports and services
Find Tony's flag
Lets visit the webpage
Reading the blogs, we can read that the photos might have a deeper meaning to them, so lets download the images to our machine and use our steganography
skills to find hidden information in the images.
The first image can be found when we click read more on the second blog
And the next picture can be found on the first blog
We can go to the source code and the get the location of the images so that we can download them to our machine
We get nothing with steghide
Lets use the strings
command
We have the flag
Exploit
Once downloaded, lets unzip this file
Lets now go check out the application running on port 8080
Its called JBoss
. Lets try to login , lets click Administration Console
We do not have credentials so lets go to google and look for default creds and see if they work.
Lets see if these work
And they do , we are logged in. Lets go to Google to look for vulnerabilities for the application.
Lets clone this github repo and use this tool
We have some requirements that we need to download, so lets do that
Lets run the exploit
We can run command on the machine, lets run a reverse shell script to get a reverse shell on the machine.
Lets first start a Netcat listener
Lets now run the command
We have a shell on the machine, lets stabilize the shell
Looking through the machine, we see this interesting file
We have the password for the user JBoss
, lets switch users
Privilege Escalation
Lets run sudo -l
to see what we can run as other users
Looks like we can run the find
command. Lets go to GTFOBins and find the command to get root on the machine.
Lets run this command
We are root.
The flag for task 6 can be found here
And the final flag here
Its base64 and md5 encoded so you can decode it on your own :)
Last updated