Tony The Tiger


Last updated 3 years ago


Support Material

Reconnaissance

Let's run nmap scans to find open ports and services.

Find Tony's flag

Let's visit the webpage.

The blog posts hint that the photos might have a deeper meaning to them, so let's download the images to our machine and use our steganography skills to find hidden information in them.

The first image can be found when we click "read more" on the second blog.

And the next picture can be found on the first blog.

We can go to the source code and get the location of the images so that we can download them to our machine.

We get nothing with steghide.

Let's use the strings command.

We have the flag

Exploit

Once downloaded, let's unzip this file.

Let's now go check out the application running on port 8080.

It's called JBoss. Let's try to log in by clicking Administration Console.

We do not have credentials, so let's go to Google, look for default creds and see if they work.

Let's see if these work.

And they do, we are logged in. Let's go to Google to look for vulnerabilities for the application.

Let's clone this GitHub repo and use this tool.

We have some requirements that we need to download, so let's do that.

Let's run the exploit.

python jexboss.py 10.10.121.22:8080

We can run commands on the machine, so let's run a reverse shell script to get a reverse shell on it.

Let's first start a Netcat listener.

Let's now run the command.

We have a shell on the machine. Let's stabilize the shell.

Looking through the machine, we see this interesting file.

We have the password for the user JBoss, so let's switch users.

Privilege Escalation

Let's run sudo -l to see what we can run as other users.

Let's run this command.

We are root.

The flag for task 6 can be found here

And the final flag here

It's base64 and md5 encoded so you can decode it on your own :)

Looks like we can run the find command. Let's go to GTFOBins and find the command to get root on the machine.
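From the defender's side, a sudo rule that lets a user run find, as seen in this section, is the misconfiguration to catch before an attacker does. The script below is an added example, not part of the original writeup: it parses `sudo -l` output and reports rules that permit binaries GTFOBins lists as able to run arbitrary commands. The sample output, the host name and the `SHELL_CAPABLE` subset are constructed assumptions.

```python
import os
import re

# Illustrative subset of binaries that GTFOBins lists as able to run
# arbitrary commands when permitted through sudo (assumption: not the full list).
SHELL_CAPABLE = {"find", "vim", "vi", "less", "more", "awk", "perl",
                 "python", "python3", "tar", "env", "bash", "sh"}

# Constructed sample of `sudo -l` output; host name and rules are made up.
SAMPLE = """\
Matching Defaults entries for jboss on example-host:
    env_reset, mail_badpass

User jboss may run the following commands on example-host:
    (ALL) NOPASSWD: /usr/bin/find
    (root) /usr/bin/uptime, /usr/bin/less /var/log/jboss/*.log
"""

RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, NOEXEC:, ...


def audit_sudo_l(text):
    """Return (runas, command, nopasswd) for each risky rule in `sudo -l` output."""
    findings = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # Defaults lines, headers and blank lines are skipped
        rest = m.group("rest")
        tags = TAGS.match(rest)
        tag_text = tags.group(0) if tags else ""
        nopasswd = "NOPASSWD:" in tag_text
        # sudo -l separates commands with ", "; escaped commas are not handled here.
        for cmd in re.split(r",\s+", rest[len(tag_text):]):
            cmd = cmd.strip()
            binary = os.path.basename(cmd.split()[0]) if cmd else ""
            if cmd == "ALL" or binary in SHELL_CAPABLE:
                findings.append((m.group("runas"), cmd, nopasswd))
    return findings


if __name__ == "__main__":
    for runas, cmd, nopasswd in audit_sudo_l(SAMPLE):
        auth = "no password" if nopasswd else "password required"
        print(f"[!] runs as {runas} ({auth}): {cmd}")
```

On a real host, feed it the output of `sudo -l -U <user>` for each account and remove or tightly scope any rule it reports.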