Tony The Tiger | TryHackMe Writeup
Tony The Tiger is an easy Linux-based Machine in TryHackMe
Start with nmap scan found many open ports
let’s check port 8080, It shows Jboss is installed
Let’s check the version
found a GitHub repo that is used for JBoss exploitation.
I run the code and got the shell, now iam cmnatic
while reading note in jboss directory i got jboss’s password
i tried that credentials with ssh and got shell and user flag
I found I can run /usr/bin/find with sudo privilege
I searched to find in gtfobins and got command for shell
I tried and now I am root. I got flag but it is in an encrypted format, let’s decrypt it.
I decoded with base64 and got a string.
I checked with hash-identifier and it’s a MD5 hash
so i wrote hash to a file
using hashcat i cracked the flag