TryHackMe: Source (Beginner Friendly) Write-up

Hi guys, it’s me Cursemagic. Today is would like to share my write-up for the room Source created by DarkStar 7471 from the TryHackMe platform. This room is really quick and easy, most importantly it is beginner-friendly. Without further ado, let's get started!

Link to TryHackMe Source room: https://tryhackme.com/room/source

Nmap

First, fire up Nmap.

nmap -sV -sC -T4 -p- <Machine-IP>

We can see there's a bunch of ports after the scan. But the interesting ports are 22 and 10000.

HTTP port 10000

When we go to port 10000, there will be a warning but it is ok we can just accept it and continue. And we will see this page:

But we do not have any username and password. Hydra brute forcing is a choice but it takes too much time. So, I go for Metasploit.

Metasploit

Search Webmin in Metasploit. and go for the backdoor.

Set RHOSTS to the machine IP, set LHOST to your IP, and set SSL to true.

Enter Run to start the exploit.

User.txt and Root.txt

After complete exploit, enter id and we can see we are root now already!

We can use pwd to show the current path. And we can use cd and ls to look for the txt file.

Use cat to show the content.

And we had done the room and get the flags!

Thank you for completing the room and reading my write-up!

This room is a very good start for beginners as it is straightforward. It is very fun while learning.

############################################

Anyone willing to give me free vouchers or sponsors are greatly appreciated! XD

############################################