[Day 9] Pivoting

December 9, 2022

This challenge was certainly the most complex out of the entire room. The general objectives were to exploit a vulnerable machine and pivot to a docker container to exfiltrate data.

I first enumerated my target with nmap and found some framework information on the webpage. This led me to a vulnerability I could exploit. Once I knew my exploit I could use it with the Metasploit framework.

I was required by THM to use meterpreter and Metasploit for this challenge. Something I did not know is that when pivoting, meterpreter can find IP addresses for the routing tables.

Combining this information and the .env information, I was able to add the proper routing table to my meterpreter session.

Once I knew what my targets were, I could begin exfiltrating database information.

I would use these credentials to ssh in and receive the root flag.

Flags

Deploy the attached VM, and wait a few minutes. What ports are open?

80

What framework is the web application developed with?

Laravel

What CVE is the application vulnerable to?

cve-2021-3129

What command can be used to upgrade the last opened session to a Meterpreter session?

sessions -u -1

What file indicates a session has been opened within a Docker container?

/.dockerenv

What file often contains useful credentials for web applications?

.env

What database table contains useful credentials?

users

What is Santa's password?

p4$$w0rd

What ports are open on the host machine?

22,80

What is the root flag?

THM{47C61A0FA8738BA77308A8A600F88E4B}
