Blaster | TryHackMe Writeup

Overview

Blaster is an Easy Windows-based machine in TryHackMe

User Part

Starting with nmap scan found 2 open ports.

80 : HTTP

3389: RDP

 

feroxbuster is a content discovery tool written in Rust.

I ran directory bruteforce and found it’s using WordPress.
without wasting my time I started wpscan for getting vulnerable plugin,vulnerable theme and users

from the scan result, i got a username. I started enumerating, lets go to the directory which I found previously.

The link shows auther profile with latest posts

only one post has a comment, which is a note by the author. let’s assume this as the password.

Now the next step is to try with username and password, for that i used RDP

I successfully logged in to the user account and got the user flag

Root Part

On the desktop, there is an uncommon file.

so I searched in google and got a CVE.

a github which explains how to exploit.

started to exploit.

1. run as administrator

2. click show more details

3. click show information about certificate

4. click issuer link

5. that opens a browser, click OK

6. click file->saveas. this opens the file manager

now open cmd and now I am system admin and got the flag.

Share on facebook
Share on twitter
Share on linkedin