Year of the Jellyfish is a room for the OSCP giveaway challenge, who complete the room by the 30th of April are entered into a raffle. The machine is a Linux machine. For user, the Monitorr web app has an RCE vulnerability but the exploit needs some edits to work. For root, the machine is vulnerable to dirty_sock due to a bug in the snapd API. This machine also comes with public IP address instead of an internal IP address(10.*.*.*).
Let’s start with an Nmap scan. There’re 8 ports open and the most interesting part is the SSL certificate of…
Hello guys, this’s my writeup on the Motunui room from TryHackMe, a Moana themed Linux box. This room is rated as hard but it’s not that hard actually. Let’s jump in!
Start with an nmap scan which shows that there’re 6 ports open.
# Nmap 7.80 scan initiated Thu Oct 5 11:23:38 2020 as: nmap -sCV -oN nmap/initial 10.10.223.235 -v
Nmap scan report for 10.10.223.235 Host is up (0.21s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh…