Tony The Tiger | TryHackMe Writeup

Overview

Tony The Tiger is an easy Linux-based machine on TryHackMe.

User Part

I started with an nmap scan and found many open ports.

Let’s check port 8080. It shows that JBoss is installed.

Let’s check the version.

I found a GitHub repo that is used for JBoss exploitation.

I ran the code and got a shell; now I am cmnatic.

While reading a note in the jboss directory, I got jboss’s password.

I tried those credentials with SSH and got a shell and the user flag.

Root Part

I found I can run /usr/bin/find with sudo privileges.

I searched for find on GTFOBins and got the command for a shell.

I tried it and now I am root. I got the flag, but it is in an encrypted format; let’s decrypt it.

I decoded it with base64 and got a string.

I checked it with hash-identifier and it’s an MD5 hash.

So I wrote the hash to a file.

Using hashcat, I cracked the flag.
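
The root step above worked because a sudo rule allowed /usr/bin/find. As an added example (not part of the original writeup), this is a defender-side check that reads `sudo -l` output and flags rules granting binaries that can launch other programs. The SHELL_CAPABLE set is a short, non-exhaustive sample chosen for illustration, and the sample listing, including the hostname "host", is constructed.

```python
import re

# Assumption: a small, non-exhaustive sample of binaries that can start other
# programs when run through sudo. GTFOBins keeps the full catalogue.
SHELL_CAPABLE = {"find", "vim", "vi", "less", "more", "awk", "env",
                 "perl", "python", "python3", "tar", "man", "bash", "sh"}

# Rule lines in `sudo -l` output look like "    (ALL) NOPASSWD: /usr/bin/find"
RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")   # e.g. "NOPASSWD: " or "SETENV: NOPASSWD: "

def audit_sudo_listing(text):
    """Return one finding per sudo rule that hands out a risky command."""
    findings = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue                       # Defaults, headers, blank lines
        nopasswd = False                   # tags carry over within one rule line
        for spec in re.split(r"(?<!\\),", m.group("rest")):  # "\," is an escaped comma
            spec = spec.strip()
            tags = TAGS.match(spec)
            if tags:
                if "NOPASSWD:" in tags.group(0):
                    nopasswd = True
                elif "PASSWD:" in tags.group(0):
                    nopasswd = False
                spec = spec[tags.end():]
            if not spec:
                continue
            path = spec.split()[0]
            name = path.rsplit("/", 1)[-1]
            if path == "ALL":
                reason = "unrestricted command set"
            elif name in SHELL_CAPABLE:
                reason = name + " can execute other programs"
            else:
                continue
            findings.append({"runas": m.group("runas"), "command": spec,
                             "nopasswd": nopasswd, "reason": reason})
    return findings

# Constructed sample of `sudo -l` output; only the find rule mirrors the writeup.
SAMPLE = """Matching Defaults entries for jboss on host:
    env_reset, mail_badpass

User jboss may run the following commands on host:
    (ALL) NOPASSWD: /usr/bin/find
    (root) /usr/sbin/ufw status, /usr/bin/less /var/log/syslog
"""

if __name__ == "__main__":
    for f in audit_sudo_listing(SAMPLE):
        print(f)
```

Rules the check flags are candidates for removal or for replacement with a narrowly scoped wrapper script that takes no user-controlled arguments.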
