Mobeius

Into

Welcome back everyone today we are back with the latest THM B2R machine. Let's get right into it.

Enumeration.

Port scanning.

PORT   STATE SERVICE REASON  VERSION
22/tcp open  ssh     syn-ack OpenSSH 8.9p1 (protocol 2.0)
80/tcp open  http    syn-ack Apache httpd 2.4.62 ((Debian))
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Image Grid
|_http-server-header: Apache/2.4.62 (Debian)

A classic Boot2Root Machine we have HTTP and ssh open let's enumerate the HTTP first.

Enumerate HTTP.

So in the web page we only see some cat pictures nothing intresting until i saw this.

SQL injection.

We can see here by removing the GET prameter we get and error message from the application as well as the database.

From here we can tell that we have an SQLi.

Using this command in sqlmap we can find the databases.

sqlmap -u 'http://moebius.thm/album.php?short_tag=something' -p short_tag --risk 3 --level 5 --dump --dbs -D  web

We get the tables but there is nothing actually so this maybe a Rabbit whole.

Last updated 2 months ago