Tools R Us CTF | TryHackMe | NMAP, Nikto, & Metasploit

Captions
Hey everybody, my name is Ron, and welcome to this walkthrough video of the room Tools R Us. In this video we'll be using tools such as DirBuster, Hydra, Nmap, Nikto, and Metasploit. We'll be looking for those hidden directories, taking advantage of weaknesses, and grabbing those flags. Now, my goal for this video is to reinforce my own learning and show you my thought process, and hopefully help you out with this room. If you have any comments, suggestions, or ideas, put them in the comments below, and if you found this content useful, hit that thumbs up and subscribe. Without further ado, let's get into it.

All right, let's go ahead and get started with Tools R Us: "Practice using tools such as DirBuster, Hydra, Nmap, Nikto, and Metasploit." So first thing, let's go ahead and start our machine, and once we have that running, let's check it out. "Unfortunately, Tools R Us is down for upgrades. Other parts of the website is still functional." Let's see if they hid anything in the source code. Seems to be okay.

So let's go ahead and start our usual scans: get that IP address and do our nmap. So -A for aggressive; this gives us detailed information about the computer, like the operating system. -sC gives us the default scripts, -sV checks for versions of the services, and -oN gives us the output. And let's do a gobuster. While our nmap is doing work, next let's run gobuster to find out which directories are hidden. If you notice, at the end I'll also put -x to find certain file extensions, such as PHP and text files.

Now that our nmap is done, we see that we have port 22 SSH open, 80, 1234, and 8009 for Apache JServ. Let's see if our gobuster found some directories yet. So we see that we have guidelines. "Hey Bob, did you update the Tomcat server?" So who is Bob?

So now that we have a bit of information, let's go ahead and answer some questions. First question: what directory can you find that begins with a G? I believe we found guidelines. All right, whose name can you find from this directory? We found Bob. Hi, Bob. What directory has basic authentication? Let's see what else our gobuster found. Just guidelines. Oh no, seems like I stopped it. Let's go ahead and continue that.

So while we're still waiting for gobuster to find us those directories, let's try to answer some of these questions. What other port that serves a web service is open on the machine? Let's go back to our nmap. It looks like it's 1234, for Apache Tomcat 24. What is the name and version of the software running on the port from question five? Let's look at the format that they want us to submit here. Okay, it looks like this one: Apache Tomcat 7088.

Anything else right now? Nothing, just still on guidelines. Okay, finally, after about seven percent, it found protected. So let's put that in here. Okay, this is the authentication. So what directory has basic authentication? It was protected.

Next question: what is Bob's password to the protected part of the website? Let's make a new tab here and run Hydra. So we have hydra -l, and we'll be using the login bob, -P for the wordlist, and let's use the usual rockyou: share, wordlists, I have rockyou in here. 10 or 10 88 120, http-get, and protected. Let's see if this works. Yeah, but I think that's it. Okay, we see that Bob's password is bubbles. So what is Bob's password to the protected part of the website? It is bubbles. It's to Bob and Bubbles.

"This page has now moved to a different port." Let's look at the page source and see if anything's hidden. Nothing.

Use Nikto with the credentials you have found and scan the manager/html directory on the port found above. So let's see: nikto -h for host. Let's go ahead and copy that IP address again, and I believe the port was 1234. Let's be a little bit more precise here; let's go ahead and put that HTTP there, and they said manager/html. And the username was Bob and the password was bubbles. So let's see if this is the right format here.

Okay, after letting Nikto scan for quite some time, we find that the server version was Apache Coyote 1.1, but I am still unsure about the number of documentation files. So now that we're looking for a regular server version, let's go ahead and just do a regular Nikto scan without the user's credentials, and we'll see that the server is running Apache 2.4.18. Keep in mind that this was also found in our nmap scan.

How many documentation files did Nikto identify? Looking at Nikto's results, I couldn't really find the number of documentation files, so what I did here instead is just go to the actual manager/html, and saw that there are five different, I guess you can call it, applications, and this is what they meant by documentation files. So we have manager, if7, host manager, examples, and docs.

So next question: use Metasploit to exploit the service and get a shell on the system. What user did you get the shell as? Let's go ahead and run msfconsole, and let's search for Tomcat. Let's try manager upload. We chose Tomcat manager upload because we're obviously on manager/html here on port 1234, so let's just give this a shot. Now let's show options, and let's set the following settings. Let's set the HTTP password; I believe the password was bubbles. Let's set the username; that was Bob. Let's see what else: the RHOSTS, that is the IP address, which is 10 1088 124. Let's make sure that the RPORT is also set, and it was 1234. Make sure that we have our correct TryHackMe VPN here, so let's set the LHOST to 10.13.0.12. This is mine; yours should be different. And let's hit run and see if this works.

All right, we got a Meterpreter session. So let's start off with your uid, whoami: I am root. And the last question is: what is that flag in the root directory? Let's go ahead and navigate there, cd root, and let's go ahead and cat whatever's in here, and it should be... nope, it's not in here. Let's see what's in here. Oh, it's flag. cat flag.txt. So there we go, this is the flag.

All right, that concludes the room Tools R Us. I hope it was easy enough to follow, and if you found it helpful, please give me a thumbs up and subscribe for more cyber security content. Anyways, thank you guys for watching, and see you on the next one.
Info
Channel: RonR1337
Views: 117
Id: AXJ1V0q9q1A
Length: 9min 42sec (582 seconds)
Published: Wed Sep 27 2023