Balaji Anbalagan
2 min read · Feb 10, 2022

100 Days of Hacking - Day 6

Objectives of day 6:

1. Complete a tryhackme room

2. Perform recon on a live target

Reports of day 6:

I started the day with this wonderful tryhackme room. It’s called Lazy Admin and it’s about exploiting a poorly configured CMS (content management system). A CMS may be a bit secure, but if our configuration has some flaws or if we have not updated our firmware to the latest version with patches, it may be exploitable.

I found the initial user.txt flag easily with basic fuzzing and CMS-based gobuster wordlists. Reading the documentation of the CMS also gave me a great idea about the part where I have to log in as an admin.

I uploaded a reverse shell and yeet it worked!!!

It was a little tough to escalate my privilege from var-www to root. I learned some of these techniques yesterday using the checklist and it was easy since the authors made the challenge easy by showing a file that can be run using Perl as the root user.

And there we go, yayy, solved the room.

Recon Recon Recon

I organized my VPS for recon and transferred my failed bug bounty recons to the cloud as it was taking up too much space.

Hey guys, and so you know, I decided to take up CEH classes and write the exam in the upcoming April session.

sbin/shutdown(day6)
