{"id":84,"date":"2021-03-21T21:44:00","date_gmt":"2021-03-21T21:44:00","guid":{"rendered":"https:\/\/thecyberstaff.com\/?p=84"},"modified":"2025-12-13T21:45:23","modified_gmt":"2025-12-13T21:45:23","slug":"vulnversity-tryhackme-lab","status":"publish","type":"post","link":"https:\/\/thecyberstaff.com\/?p=84","title":{"rendered":"Vulnversity- TryHackMe lab"},"content":{"rendered":"\n

Today I am working on the Vulnversity challenge from tryhackme.com<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

I start with an nmap scan with the service version flag against the host: nmap -sV hostipaddress<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

TryHackMe had a great nmap reference table so I pasted it below:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I found a web server on port 3333 and started to look into it<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

I then used the tool gobuster to check for pages on the web server<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n
\n
\"\"<\/figure>\n<\/div>\n\n\n

Cheching the internal page, I found an upload form<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Now I can upload a reverse shell<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n
\n
\"\"<\/figure>\n<\/div>\n\n\n

The form did not allow .php file types, I used Burp Suite to attempt different file types, .phtml worked so I just renamed the file.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

I started a netcat listener on my attack machine to connect to the reverse shell<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

I uploaded the file and connected to a shell <\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

I now have a shell on the webserver, next I need to escalate privileges<\/p>\n","protected":false},"excerpt":{"rendered":"

Today I am working on the Vulnversity challenge from tryhackme.com I start with an nmap scan with the service version flag against the host: nmap -sV hostipaddress TryHackMe had a great nmap reference table so I pasted it below: I found a web server on port 3333 and started to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,4],"tags":[],"class_list":["post-84","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-pentesting"],"brizy_media":[],"_links":{"self":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/84","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=84"}],"version-history":[{"count":1,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/84\/revisions"}],"predecessor-version":[{"id":85,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/84\/revisions\/85"}],"wp:attachment":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=84"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=84"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=84"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}