Writeup: Advent of Cyber 4 Day 9 - AtomicMaya/knowledge-base GitHub Wiki

Advent of Cyber 4 - Day 9

Link: Advent Of Cyber 4 on TryHackMe

Question 1

Deploy the attached VM, and wait a few minutes. What ports are open?

Run nmap -sV -sS $IP

Answer: 80

Question 2

What framework is the web application developed with?

Browse to the page.

Answer: CVE-2021-3129

Question 3

What CVE is the application vulnerable to?

We search for laravel, then use the info command to get the details of the CVE.

Answer: CVE-2021-3129

Question 4

What command can be used to upgrade the last opened session to a Meterpreter session?

From the explanation we find:

Answer: sessions -u -1

Question 5

What file indicates a session has been opened within a Docker container?

From the internet: /.dockerenv

Answer: /.dockerenv

Question 6

What file often contains useful credentials for web applications?

See Question 4.

Answer: .env

Question 7

What database table contains useful credentials?

We find the table schema dump; there is a table called users:

Answer: users

Question 8

What is Santa's password?

Answer: p4$$w0rd

Question 9

What ports are open on the host machine?

We run proxychains -q nmap -n -sT -Pn -p 22,80,443,5432 172.17.0.1:

Answer: 22,80

Question 10

What is the root flag?

We log in with the credentials and get the root flag:

Answer: THM{47C61A0FA8738BA77308A8A600F88E4B}