Blaster | TryHackMe Writeup
Blaster is an Easy Windows-based machine on TryHackMe.
Starting with an nmap scan, I found 2 open ports.
80 : HTTP
feroxbuster is a content discovery tool written in Rust.
I ran a directory brute force and found it's using WordPress.
Without wasting my time, I started wpscan to find vulnerable plugins, vulnerable themes and users.
From the scan result, I got a username. I started enumerating; let's go to the directory I found previously.
The link shows the author profile with the latest posts.
Only one post has a comment, which is a note by the author. Let's assume this is the password.
Now the next step is to try the username and password; for that I used RDP.
I successfully logged in to the user account and got the user flag.
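From the defender's side, the access just described is an RDP logon with a guessed password. The following PowerShell script is an added example, not part of the original writeup, that a Windows administrator can run on the target to list recent RDP logons (Security event 4624, LogonType 10) together with any failed logons (event 4625) from the same source shortly before each one. It assumes the default logon auditing is enabled and that it is run from an elevated prompt that can read the Security log; the 30-minute window and the threshold of five failures are arbitrary choices made here.

```powershell
# Added example (not from the original writeup): review RDP logons on a Windows
# host and flag ones preceded by a burst of failed logons from the same source.
# Assumes default Security log auditing and an elevated session.
param(
    [int]$Hours = 24   # how far back to look
)

$since = (Get-Date).AddHours(-$Hours)

# Event 4624 (successful logon): property index 5 = TargetUserName,
# 8 = LogonType (10 = RemoteInteractive/RDP), 18 = source IpAddress.
$rdpLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[8].Value -eq 10 } |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = $_.Properties[5].Value
            Source = $_.Properties[18].Value
        }
    }

# Event 4625 (failed logon): property index 5 = TargetUserName,
# 10 = LogonType, 19 = source IpAddress.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = $_.Properties[5].Value
            Source = $_.Properties[19].Value
        }
    }

# For each RDP logon, count failures from the same source in the preceding
# 30 minutes (window and threshold are assumptions for this example).
$rdpLogons | ForEach-Object {
    $logon = $_
    $priorFailures = @($failed | Where-Object {
        $_.Source -eq $logon.Source -and
        $_.Time -lt $logon.Time -and
        $_.Time -gt $logon.Time.AddMinutes(-30)
    })
    [pscustomobject]@{
        Time           = $logon.Time
        User           = $logon.User
        Source         = $logon.Source
        FailuresBefore = $priorFailures.Count
        Suspicious     = ($priorFailures.Count -ge 5)
    }
} | Sort-Object Time | Format-Table -AutoSize
```

A logon obtained from a single correct guess, as in this room, will show few or no failures beforehand, so the `FailuresBefore` column alone is not enough; the useful signal is the list of RDP logons itself, reviewed against which accounts and source addresses are expected to use RDP on that host.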
On the desktop, there is an uncommon file.
So I searched on Google and got a CVE,
and a GitHub page which explains how to exploit it.
I started to exploit.
1. Run as administrator.
2. Click "Show more details".
3. Click "Show information about certificate".
4. Click the issuer link.
5. That opens a browser; click OK.
6. Click File -> Save as. This opens the file manager.
Now open cmd, and now I am system admin and got the flag.