TryHackMe- Dav
Basic CTF room but good for enumeration tips
Nmap
First thing first, I run NMAP to see which ports are open. After I run my scanner, just port 80 was open.
Gobuster
The default page was a normal apache default page. I need to know the directories to take an action.
Even when I try to go /WebDAV directory, it’s authenticated that means I need credentials.
Creds founded
I did research on google and find some default credentials and they worked tbh!
Exploitation
I did know cadaver. It is a great tool to connect /webdav. I tried my creds to get into /WebDAV and upload my PHP shell right here.
Then I got shell!
Privilege Escalation
Every time I go through Privilege Escalation, I use LINPEAS.SH. This script can give you a lot of good ways to get root.
That means I can read /root/root.txt with cat :)