hello guys , it’s your boy 0UR4N05 again , today we gonna exploit a room named bolt in tryhackme
[1]-Enumeration and scanning :
Let’s run a Nmap scan against the machine to see open ports :
$ nmap <IP> -A -T4
we can see 3 ports , an ssh and 2 web app open ports
port 80 :
port 8000 :
so port 8000 is our target , after exploring it a while i found the password and the username in a post by the admin (WTF hh !!)
password :
username :
so we should get a form to submit those , after a while of searching i found the link in google :
so i will login with the creds :
we are in and we found the version we should search for an exploit
we found an exploit in metasploit and we gonna use it , and set our lhost … , and we exploit it
and we got our shell
thanks for reading , happy hacking