Try Hack Me: Opacity2
Today we will be taking a look at Opacity2 on Try Hack Me, found here:
Starting off with an Nmap scan:
SSH, HTTP, and SMB are all live on this machine. Let's look at SMB:
No anonymous login enabled. Taking a look at port 80:
When uploading a PHP reverse shell we see that it needs an image:
shell.gif does work
After trying quite a few things, we tried just putting in a space followed by an image extension, and we get back the following:
Notice it is trying to upload it:
Now just delete .gif and we should have a reverse shell.
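The filter above let a name through because of its trailing image extension. As an added example (not code from the room or from this writeup), here is a stricter server-side upload check next to an assumed model of the weak one; `naive_check`, `strict_check`, `evaluate` and the sample uploads are constructed for illustration.

```python
import os
import re
import secrets
from typing import Optional

# Allowlisted extensions mapped to the magic bytes each type must start with.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}
# One base name, one dot, one extension: no spaces, extra dots or path parts.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")

def naive_check(filename: str) -> bool:
    """Assumed model of the weak filter: only the end of the name is inspected."""
    return filename.lower().endswith(tuple(MAGIC))

def strict_check(filename: str, content: bytes) -> Optional[str]:
    """Return a server-generated storage name, or None if the upload is rejected."""
    if not SAFE_NAME.fullmatch(filename):
        return None  # whitespace, a second dot, or a path separator
    ext = os.path.splitext(filename)[1].lower()
    signatures = MAGIC.get(ext)
    if signatures is None:
        return None  # extension is not on the allowlist
    if not content.startswith(signatures):
        return None  # content does not match the claimed image type
    return secrets.token_hex(16) + ext  # never reuse the client-supplied name

# Constructed sample uploads (not taken from the room).
GIF = b"GIF89a" + b"\x00" * 16
PHP = b"<?php /* placeholder */ ?>"
SAMPLES = [
    ("shell.php", PHP),
    ("shell.gif", GIF),
    ("shell.php .gif", PHP),
    ("shell.php.gif", PHP),
    ("avatar.gif", GIF),
]

def evaluate():
    """Return (name, naive verdict, strict verdict) for every sample."""
    return [(n, naive_check(n), strict_check(n, b) is not None) for n, b in SAMPLES]

if __name__ == "__main__":
    for name, naive, strict in evaluate():
        print(f"{name!r:20} naive={naive!s:5} strict={strict}")
```

Storing accepted files outside the web root, or in a directory where the server does not execute scripts, complements this check.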
Going into opt we see the following:
From there we copy it into /var/www/html to download it to our Kali machine:
From here we get the sysadmin password:
From here we can su to sysadmin or just SSH in. Looking in their home directory, we see the following:
I renamed shell.php on my Kali system to backup.inc.php and then uploaded it onto the machine:
Starting a listener and waiting:
I hope you enjoyed the writeup and learned something along the way.