Thursday, July 1, 2021

Couch TryHackMe Writeup

Scanning

We run nmap with scripts and software version detection.

Enumeration

We access the site, and at first glance we see a CouchDB information leak.

Looking for information about this software, I find some basic commands that help us obtain information from the different databases.

List all the databases

Displays the database information we specify

Example of obtaining relevant information:
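A defender-side check for the same exposure, as an added example that is not part of the original writeup: it reports what a CouchDB node reveals to a client with no credentials, using CouchDB's documented `/`, `/_all_dbs` and `/{db}` endpoints. The host name, port, version string and sample responses are constructed, and `sample_fetch` is a hypothetical stand-in for the network so the check runs offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def http_get(url, timeout=5):
    """Unauthenticated GET; returns (status, parsed JSON or None)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        return err.code, None  # e.g. 401/403 when authentication is enforced
    except (urllib.error.URLError, ValueError, OSError):
        return 0, None  # unreachable host or non-JSON body


def audit_couchdb(base_url, fetch=http_get):
    """List what the node discloses to an anonymous client."""
    base = base_url.rstrip("/")
    findings = []
    status, body = fetch(base + "/")
    if status == 200 and isinstance(body, dict) and "couchdb" in body:
        findings.append(("banner", "version %s disclosed" % body.get("version", "?")))
    status, dbs = fetch(base + "/_all_dbs")
    if status != 200 or not isinstance(dbs, list):
        return findings  # anonymous database listing is blocked
    findings.append(("all_dbs", "%d databases listed anonymously" % len(dbs)))
    for name in dbs:
        status, info = fetch("%s/%s" % (base, urllib.parse.quote(name, safe="")))
        if status == 200 and isinstance(info, dict):
            findings.append(("db_readable", "%s (%s docs)" % (name, info.get("doc_count", "?"))))
    return findings


# Constructed sample responses (not captured from the room's target).
SAMPLE_OPEN = {
    "/": (200, {"couchdb": "Welcome", "version": "0.0.0-example"}),
    "/_all_dbs": (200, ["_users", "secret"]),
    "/_users": (401, None),
    "/secret": (200, {"db_name": "secret", "doc_count": 1}),
}
SAMPLE_LOCKED = {"/": (200, {"couchdb": "Welcome"}), "/_all_dbs": (401, None)}


def sample_fetch(table, base):
    """Hypothetical offline fetcher that answers from a constructed table."""
    return lambda url: table.get(url[len(base):], (404, None))
```

Run `audit_couchdb("http://<your-host>:5984")` against an instance you administer; any `all_dbs` or `db_readable` finding means anonymous reads are allowed and authentication should be required.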

Exploitation

Now that we know how it works, let's check the database called "secret" and get some credentials in plain text.

We log in through the SSH service and read the user.txt flag.

Privilege Escalation

We read the file ".bash_history" and find a record of a connection to Docker.

Reading of the root flag


About

David Utón is a penetration tester and security auditor for web and mobile applications, perimeter networks, internal and industrial corporate infrastructures, and wireless networks.

Contacted on:

David-Uton @David_Uton
