Agent T

Room Link: https://tryhackme.com/room/agentt

Initial Scan

Kali

nmap -A $VICTIM

Scan all ports

No other ports found.

Kali

nmap -sV -sT -O -p 1-65535 $VICTIM

TCP/80 - HTTP

Dirb wasn't working so I went to the url and it brought me to the admin page, but nothing actually worked.

In the burp request we can see it is powered by PHP/8.1.0-dev which has a rce exploit.

Exploit

git clone https://github.com/flast101/php-8.1.0-dev-backdoor-rce.git
cd php-8.1.0-dev-backdoor-rce/  
python backdoor_php_8.1.0-dev.py
PreviousSQL Injection LabNextAvengers Blog

Last updated