Showing posts from June, 2021

TryHackMe - Mustacchio

Here is Strupo_'s write-up for an "Easy boot2root Machine" called Mustacchio , by zyeinn , on . The challenge was solved by conducting some basic enumeration, exploiting an XXE injection vulnerability, cracking a password, and leveraging an SUID binary to root the system.  Enumeration To begin, nmap was used to determine open ports: $ nmap -p- --open -sV -v -Pn -oA nmap-mustacchio <snip> PORT     STATE SERVICE VERSION 22/tcp   open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) 80/tcp   open  http    Apache httpd 2.4.18 ((Ubuntu)) 8765/tcp open  http    nginx 1.10.3 (Ubuntu) <snip> Manually browsing to the web servers revealed a mustache based blog on 80/tcp and an admin login prompt hosted on 8765/tcp as seen below: Admin Panel Login Next, ffuf was used to enumerate content on the web server: $ ffuf -u -w /usr/share/wordlists/dirb/big.txt <snip> .htaccess               [Statu