TryHackMe | Poster Write-Up / Walkthrough (English)
Poster
Room Link: https://tryhackme.com/r/room/poster
============================================================
- Run sudo nmap IP -vv. Three ports are open: 22, 80 and 5432. Then run sudo nmap IP -sV -p 5432 to identify the RDBMS installed on the server, which is PostgreSQL.
- Enumerate the credentials using auxiliary/scanner/postgres/postgres_login. You will get Postgres:*******.
- Use auxiliary/admin/postgres/postgres_sql to get the version of the RDBMS.
- Use auxiliary/scanner/postgres/postgres_hashdump to dump hashes. You will get 6 hashes.
- Use auxiliary/admin/postgres/postgres_readfile to read a file from the server as an authenticated user.
- Exploit the machine with exploit/multi/postgres/postgres_copy_from_program_cmd_exec. You will get a shell. Spawn an interactive shell with python3 -c 'import pty; pty.spawn("/bin/bash")'. Look around the server and search for interesting files. There is one in dark’s home directory called credentials. Use these credentials to log in to the machine over SSH, then run /bin/bash -i.
- Search for the user.txt file. You will find it in alison’s home directory, but you don’t have permission to read it. Search for the files owned by alison and you will find a file called config.php. This file contains the credentials. Run su alison, enter the password, and now you can read the user.txt file ✨.
- Run sudo -l. This shows that alison can run any command with sudo. Then run sudo su, cd /root, cat root.txt ✨.
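
From the defender's side, the credential guessing and the COPY-based file read and command execution steps above leave traces in the PostgreSQL server log. The Python script below is an added example, not part of the original write-up: the log lines are constructed, and the logging settings (log_statement, log_line_prefix), the scan function and the threshold of 3 failures are assumptions.

```python
import re
from collections import Counter

# Constructed sample log, not taken from the room. Assumes log_statement = 'all'
# and log_line_prefix = '%m [%p] %u@%d ' in postgresql.conf.
SAMPLE_LOG = """\
2024-05-01 10:00:01.120 UTC [811] postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:01.480 UTC [812] postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:01.910 UTC [813] postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-05-01 10:02:14.002 UTC [814] app@shop FATAL:  password authentication failed for user "app"
2024-05-01 10:03:30.551 UTC [815] postgres@postgres LOG:  statement: SELECT version()
2024-05-01 10:04:02.377 UTC [816] postgres@postgres LOG:  statement: COPY tmp_a FROM '/etc/passwd'
2024-05-01 10:05:47.640 UTC [817] postgres@postgres LOG:  statement: COPY tmp_b FROM PROGRAM 'id'
2024-05-01 10:06:10.013 UTC [818] app@shop LOG:  statement: COPY orders FROM STDIN
"""

AUTH_FAIL = re.compile(r'FATAL:\s+password authentication failed for user "([^"]+)"')
# COPY ... FROM PROGRAM runs an OS command as the database server's account.
COPY_PROGRAM = re.compile(r"statement:\s*COPY\s+.+?\s+FROM\s+PROGRAM\s+'", re.I)
# COPY ... FROM '<path>' reads a server-side file; FROM STDIN is client-side and ignored.
COPY_FILE = re.compile(r"statement:\s*COPY\s+.+?\s+FROM\s+'([^']+)'", re.I)


def scan(log_text, fail_threshold=3):
    """Return suspicious events found in a PostgreSQL server log."""
    failures = Counter()
    report = {"copy_from_program": [], "copy_from_file": []}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fail = AUTH_FAIL.search(line)
        if fail:
            failures[fail.group(1)] += 1
        elif COPY_PROGRAM.search(line):
            report["copy_from_program"].append(lineno)
        else:
            file_read = COPY_FILE.search(line)
            if file_read:
                report["copy_from_file"].append((lineno, file_read.group(1)))
    # Report only roles with enough failures to suggest password guessing.
    report["auth_failure_burst"] = {
        user: count for user, count in failures.items() if count >= fail_threshold
    }
    return report


if __name__ == "__main__":
    for kind, hits in scan(SAMPLE_LOG).items():
        print(kind, hits)
```

Both COPY forms need a superuser role or membership in pg_execute_server_program / pg_read_server_files, so a hit on either usually points at an over-privileged or compromised database account.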