TryHackMe - Mustacchio
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixUzs7LOeHVvO16fOhd8zUGlrNM9A4i6H92Qb-snGMvbqozj4-wNzItc-1Sh9tefM8Hx1duN3o6BWk4FWECWtogl5QRj_PVb0OkglVIxnB4HBFB8TfzbWlOTGbpwshOLzj4fnU1XNNp-oU/w640-h101/Mustacchio.png)
Here is Strupo_'s write-up for an "Easy boot2root Machine" called Mustacchio, by zyeinn, on TryHackMe.com. The challenge was solved by conducting some basic enumeration, exploiting an XXE injection vulnerability, cracking a password, and leveraging an SUID binary to root the system.

## Enumeration

To begin, nmap was used to determine open ports:

```
$ nmap -p- --open -sV -v -Pn -oA nmap-mustacchio 10.10.81.167
<snip>
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
80/tcp   open  http    Apache httpd 2.4.18 ((Ubuntu))
8765/tcp open  http    nginx 1.10.3 (Ubuntu)
<snip>
```

Manually browsing to the web servers revealed a mustache-based blog on 80/tcp and an admin login prompt hosted on 8765/tcp, as seen below:

Admin Panel Login

Next, ffuf was used to enumerate content on the web server:

```
$ ffuf -u http://10.10.81.167/FUZZ -w /usr/share/wordlists/dirb/big.txt
<snip>
.htaccess [Statu
```
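The scan output above is the kind of thing a blue team wants parsed into an inventory rather than read by eye: the admin panel on 8765/tcp is exactly the sort of service that sits outside a conventional port and deserves a closer look. The following parser is an added example, not code from the write-up; it reads nmap's normal-format port table (the three rows shown above, embedded as sample input) and flags open services listening on ports outside the conventional set defined in `EXPECTED_PORTS`, which is this example's own policy table, not an nmap feature.

```python
import re
from dataclasses import dataclass
from typing import List

# Port-table rows exactly as they appear in the write-up's nmap output.
NMAP_OUTPUT = """\
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
80/tcp   open  http    Apache httpd 2.4.18 ((Ubuntu))
8765/tcp open  http    nginx 1.10.3 (Ubuntu)
"""


@dataclass
class PortFinding:
    port: int
    proto: str
    state: str
    service: str
    version: str


# One row of nmap's normal output: "<port>/<proto> <state> <service> [<version text>]".
# The header line ("PORT STATE ...") and <snip> markers do not match and are skipped.
_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap_ports(text: str) -> List[PortFinding]:
    """Parse the port table of nmap's normal (-oN / stdout) output into records."""
    findings = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            findings.append(
                PortFinding(int(port), proto, state, service, (version or "").strip())
            )
    return findings


# Example policy (this example's assumption): ports where each service is conventionally
# expected. An open service on any other port is surfaced for review.
EXPECTED_PORTS = {"http": {80, 8080}, "https": {443, 8443}, "ssh": {22}}


def unusual_services(findings: List[PortFinding]) -> List[PortFinding]:
    """Return open services bound to ports outside their conventional set."""
    return [
        f for f in findings
        if f.state == "open" and f.port not in EXPECTED_PORTS.get(f.service, {f.port})
    ]
```

Running `unusual_services(parse_nmap_ports(NMAP_OUTPUT))` on the scan above returns only the nginx listener on 8765/tcp; the SSH and Apache services sit on their expected ports.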