filmov
tv
TryHackMe LazyAdmin Walkthrough - Penetration Testing Tutorial
Показать описание
This LazyAdmin tutorial is a complete step-by-step walkthrough of the CTF challenge LazyAdmin from TryHackMe showing all commands used and detailly explaining what each command aims to achieve. THM is an online platform that uses short, gamified real-world labs to teach cyber security. THM has content for complete beginners as well as experienced hackers, with guides and challenges to accommodate various learning styles. The LazyAdmin task is an exercise on the TryHackMe platform which tests the learner’s ability to exploit a vulnerable web server. The exercise was successfully completed as follows
This video was made by Hussein and generously shared with us, please subscribe to his channel and follow him on Twitter:
This is our TryHackMe LazyAdmin walkthrough, by rooting this machine we will refresh our understanding of basic information gathering, scanning and enumeration, exploitation, and privilege escalation. Like always the first thing we will do before starting the Lazy Admin machine on TryHackMe is to launch our OpenVPN config file, then we will start our machine.
The first thing I did in this TryHackMe LazyAdmin walkthrough is I conducted a Nmap scan and found 2 open ports, port 80 for a web server, and port 22 for SSH. I directly went and started enumerating the web server that is running on port 80 it had a default page. Then I started running my GoBuster scan and found that there is a hidden directory called /content then I quickly checked on it, from what I saw that it might be running a CMS called Sweet Rice, then I started GoBuster again and found a hidden directory called /inc, then I quickly went to it, and found that it has DB related files and we have found a mysqlbackup, then I started looking into the database and found a user called “manager” with admin privileges, and this user had a hashed password so I went to crackstation and cracked the hash which turns out the user manager uses “Password123” as his login password.
Throughout the completion of this LazyAdmin rooting process, I had GoBuster running in the background and we have found a directory called /as it had a login panel for the sweet rice CMS. So I slapped in the user name manager with the password Password123 and it was a success we have successfully logged in. I started exploring the application and found a functionality called “Ads” which had a feature to upload our malicious code into the website, so I had my malicious code ready, started a netcat listener, and boom I got a shell.
I have now successfully obtained the user flag by heading to the /home/itguy directory, marking the first part of this LazyAdmin tutorial completed.
#TryHackMe #PenetrationTesting #EthicalHacking
This video was made by Hussein and generously shared with us, please subscribe to his channel and follow him on Twitter:
This is our TryHackMe LazyAdmin walkthrough, by rooting this machine we will refresh our understanding of basic information gathering, scanning and enumeration, exploitation, and privilege escalation. Like always the first thing we will do before starting the Lazy Admin machine on TryHackMe is to launch our OpenVPN config file, then we will start our machine.
The first thing I did in this TryHackMe LazyAdmin walkthrough is I conducted a Nmap scan and found 2 open ports, port 80 for a web server, and port 22 for SSH. I directly went and started enumerating the web server that is running on port 80 it had a default page. Then I started running my GoBuster scan and found that there is a hidden directory called /content then I quickly checked on it, from what I saw that it might be running a CMS called Sweet Rice, then I started GoBuster again and found a hidden directory called /inc, then I quickly went to it, and found that it has DB related files and we have found a mysqlbackup, then I started looking into the database and found a user called “manager” with admin privileges, and this user had a hashed password so I went to crackstation and cracked the hash which turns out the user manager uses “Password123” as his login password.
Throughout the completion of this LazyAdmin rooting process, I had GoBuster running in the background and we have found a directory called /as it had a login panel for the sweet rice CMS. So I slapped in the user name manager with the password Password123 and it was a success we have successfully logged in. I started exploring the application and found a functionality called “Ads” which had a feature to upload our malicious code into the website, so I had my malicious code ready, started a netcat listener, and boom I got a shell.
I have now successfully obtained the user flag by heading to the /home/itguy directory, marking the first part of this LazyAdmin tutorial completed.
#TryHackMe #PenetrationTesting #EthicalHacking
0:07:52
0:20:38
0:21:00
0:24:00
0:07:31
0:04:24
0:19:57
0:10:26
0:23:34
0:16:48
0:17:39
0:21:55
0:19:32
0:31:08
0:31:45
0:08:51
0:22:50
0:16:56
0:18:05
0:14:02
0:36:44
![[HINDI] LazyAdmin Walkthrough](https://i.ytimg.com/vi/KTcWQx2E7Pw/hqdefault.jpg)
0:18:11
0:36:32
0:04:43