Source hack webmin

First, a little recon

We were given the IP address 10.10.150.18.

Using nmap with the -v switch, we can see which ports are open.

There are two ports open: port 22 for SSH and port 10000. We do not know the username or password for SSH on port 22, so we cannot progress any further there.

Let's check port 10000 and see what we can find. Browsing to http://10.10.150.18:10000, we get a message telling us to use the URL in SSL mode. Let's visit again with https://10.10.151.18:10000

The web browser will display an error message. Select the Advanced option and proceed to the website.

We reach a Webmin login page. Webmin is a web-based system configuration tool for Unix-like systems. We still do not know the credentials for this application.

Let's run Metasploit against this port to see if Webmin has any vulnerabilities.

We need to use an exploit that does not ask for any credentials. The two I used were exploit/linux/http/webmin_backdoor

We want to set RHOSTS, LHOST and SSL. SSL is set to false by default; we have to set it to true for the exploit to succeed.

The shell is not stable. Let's make it stable by executing the following command - python3 -c 'import pty;pty.spawn("/bin/bash")'
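From the defender's side, the shell-stabilisation one-liner above is a useful detection signal. The following added example (not part of the original write-up) scans process-creation events for it and raises the severity when the parent chain leads back to the Webmin server. The event format, the sample data and the miniserv.pl process name are assumptions.

```python
import os
import re
import shlex

# Constructed process-creation events for illustration (not from the original page).
SAMPLE_EVENTS = [
    {"pid": 812, "ppid": 1, "cmd": "/usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf"},
    {"pid": 2301, "ppid": 812, "cmd": "sh -c id"},
    {"pid": 2302, "ppid": 2301, "cmd": "python3 -c 'import pty;pty.spawn(\"/bin/bash\")'"},
    {"pid": 2400, "ppid": 1500, "cmd": "python3 -c 'print(1)'"},
    {"pid": 2401, "ppid": 1500, "cmd": "python3 -c 'import pty; pty.spawn(\"/bin/sh\")'"},
]

PTY_SPAWN = re.compile(r"\bimport\s+pty\b.*\bpty\s*\.\s*spawn\s*\(", re.S)
SERVICE_MARKER = "miniserv.pl"  # assumed name of the Webmin server process


def is_pty_spawn(cmd):
    """True if cmd is a python one-liner (-c) that calls pty.spawn()."""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes, e.g. a truncated log line
        argv = cmd.split(None, 2)
    if not argv or not re.fullmatch(r"python[\d.]*", os.path.basename(argv[0])):
        return False
    code = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-c"]
    return any(PTY_SPAWN.search(c) for c in code)


def from_service(pid, by_pid):
    """Walk the parent chain; True if any ancestor is the Webmin server."""
    seen = set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against ppid loops
        seen.add(pid)
        if SERVICE_MARKER in by_pid[pid]["cmd"]:
            return True
        pid = by_pid[pid]["ppid"]
    return False


def detect(events):
    """Return (pid, severity) for each PTY-upgrade one-liner found."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if is_pty_spawn(e["cmd"]):
            sev = "high" if from_service(e["ppid"], by_pid) else "medium"
            findings.append((e["pid"], sev))
    return findings
```

Calling detect(SAMPLE_EVENTS) flags the one-liner descended from the Webmin process as high and the same pattern from an unrelated parent as medium.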

Let's find the user and root flags. The /root directory is our main target.