Advent of Cyber 2022 [Day9]-Pivoting | Dock the halls — Short Writeup and Walkthrough

Advent of Cyber 2022 [Day9]-Pivoting | Dock the halls Writeup and Walkthrough Task 14 Answers by Karthikeyan Nagaraj

Karthikeyan Nagaraj
InfoSec Write-ups


1. Deploy the attached VM, and wait a few minutes. What ports are open?

Perform a Port Scan with Nmap

Ans: 80

2. What framework is the web application developed with?

Open <Machine-Ip> in a browser. The string "Laravel" is displayed at the bottom of the page.

Ans: laravel

3. What CVE is the application vulnerable to?

Ans: CVE-2021-3129

4. What command can be used to upgrade the last opened session to a Meterpreter session?

Ans: sessions -u -1

5. What file indicates a session has been opened within a Docker container?

What is Docker?

Docker is a way to package applications and their associated dependencies into a single unit called an image. This image can then be shared and run as a container, either locally by a developer or remotely on a production server. Santa’s web application and database are running in Docker containers, but only the web application is directly available via an exposed port. A common way to tell if a compromised application is running in a Docker container is to verify the existence of a /.dockerenv file at the root directory of the filesystem.

Ans: /.dockerenv

6. What file often contains useful credentials for web applications?

The .env file contains the individual user environment variables that override the variables set in the /etc/environment file.

Ans: .env

7. What database table contains useful credentials?

Ans: users

8. What is Santa’s password?

1 remote code execution
use auxiliary/admin/postgres/postgres_sql
run postgres://postgres:postgres@<MACHINE_IP>/postgres sql='select * from users'

We got the Passwords!!

Ans: p4$$w0rd

9. What ports are open on the host machine?

Ans: 22,80

10. What is the root flag?

Thank you for Reading!!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng
