Vulnversity Walkthrough

  • Writer: Strider Gearhead
  • Mar 2, 2023
  • 1 min read


This machine is available on TryHackMe and is Linux-based.

So our first step is to run an nmap scan on the target machine:

Command: nmap -T5 -sV <machine ip>


Result of nmap:


Here we can see that 6 ports are open and the webserver is running on port 3333.

The webpage on port 3333 is:


Now we have to do some directory busting to find the upload form, so that we can upload a PHP reverse shell file and get a reverse shell.

We will use the gobuster tool.

Command: gobuster dir -u <url of target machine> -w <path/to/wordlist>

Result of directory busting:


Here we can see a directory named internal. This seems interesting, so let’s open it.

And here we found the upload form:


Now we have to upload the PHP reverse shell file to get a reverse shell on this machine. But there is a catch: we cannot upload a file with the .php extension, so we will use the .phtml extension instead.

We can get the PHP reverse shell code from pentestmonkey.

In that shell we have to replace the default IP with our own IP address.

Before uploading the file, let’s set up the listener first.

Command: nc -nlvp 1234

After setting up the listener, let’s upload the file.

After uploading the file, go to /internal/uploads. Here you’ll find the file that we uploaded.


Open that file and you’ll get the reverse shell.
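Why blocking .php did not stop the .phtml upload, seen from the defender's side. This is an added example, not code from the room or from the original post: it assumes the form rejects only the .php extension, and contrasts that with an allowlist that also checks the content type and renames the file. The function names and sample files are constructed for illustration.

```php
<?php
// Added example. Filenames and file contents below are constructed samples.

// Assumed weak filter: a denylist that rejects only the ".php" extension.
function denylist_allows(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return $ext !== 'php';
}

// Hardened filter: extension AND sniffed content type must match an allowlist.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png'];

// Returns the server-chosen storage name, or null when the upload is rejected.
function allowlist_store_name(string $name, string $bytes): ?string
{
    // Exactly one dot, so the stored extension is unambiguous.
    if (substr_count($name, '.') !== 1) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // Inspect the bytes themselves; the client-supplied Content-Type is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // Random name: the client never controls the path the file is stored under.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed inputs: a minimal PNG header and a harmless placeholder script.
$png    = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00";
$script = "<?php echo 'placeholder'; ?>";
$samples = [
    ['upload.php', $script],   // blocked by both filters
    ['upload.phtml', $script], // passes the denylist, blocked by the allowlist
    ['photo.png', $png],       // legitimate image
    ['photo.png', $script],    // image name, script content
];
foreach ($samples as [$name, $bytes]) {
    printf("%-13s denylist=%-6s allowlist=%s\n", $name,
        denylist_allows($name) ? 'accept' : 'reject',
        allowlist_store_name($name, $bytes) ?? 'reject');
}
```

The allowlist is only one layer: the uploads directory should also be served with script execution disabled, so that a file that does slip through is returned as data instead of being run.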

Now we have successfully got the reverse shell:


Now we have to spawn a tty shell.





 
 
 
