Writeups

Relevant - A THM Medium Room

Link to the Box: https://tryhackme.com/room/relevant

Pre-engagement Briefing:

You have been assigned to a client that wants a penetration test conducted on an environment due to be released to production in seven days. 

Scope of Work

The client requests that an engineer conducts an assessment of the provided virtual environment. The client has asked that minimal information be provided about the assessment, wanting the engagement conducted from the eyes of a malicious actor (black box penetration test).  The client has asked that you secure two flags (no location provided) as proof of exploitation:

• User.txt
• Root.txt

Additionally, the client has provided the following scope allowances:

• Any tools or techniques are permitted in this engagement, however we ask that you attempt manual exploitation first

• Locate and note all vulnerabilities found
• Submit the flags discovered to the dashboard
• Only the IP address assigned to your machine is in scope
• Find and report ALL vulnerabilities (yes, there is more than one path to root)

(Roleplay off)

I encourage you to approach this challenge as an actual penetration test. Consider writing a report, to include an executive summary, vulnerability and exploitation assessment, and remediation suggestions, as this will benefit you in preparation for the eLearnSecurity Certified Professional Penetration Tester or career as a penetration tester in the field.

Note - Nothing in this room requires Metasploit

Machine may take up to 5 minutes for all services to start.

Solution:

nmap scan here

Creds:

Bob - !P@$$W0rD!123
Bill - Juw4nnaM4n420696969!$$$