Link: Advent Of Cyber 4 on TryHackMe
Deploy the attached VM, and wait a few minutes. What ports are open?
Run nmap -sV -sS $IP
Answer: 80
What framework is the web application developed with?
Browse to the page.
Answer: CVE-2021-3129
What CVE is the application vulnerable to?
We search for laravel and use the info command to get the details of the CVE.
Answer: CVE-2021-3129
What command can be used to upgrade the last opened session to a Meterpreter session?
From the explanation we find:
Answer: sessions -u -1
What file indicates a session has been opened within a Docker container?
From the internet: /.dockerenv
Answer: /.dockerenv
What file often contains useful credentials for web applications?
See (Question 4)
Answer: .env
What database table contains useful credentials?
We find the table schema dump; there is a table called users.
Answer: users
What is Santa's password?
Answer: p4$$w0rd
What ports are open on the host machine?
We run proxychains -q nmap -n -sT -Pn -p 22,80,443,5432 172.17.0.1
Answer: 22,80
What is the root flag?
We log in with the credentials and get the root flag:
Answer: THM{47C61A0FA8738BA77308A8A600F88E4B}