TryHackMe- Dav

Basic CTF room but good for enumeration tips

Nmap

First thing first, I run NMAP to see which ports are open. After I run my scanner, just port 80 was open.

Gobuster

The default page was a normal apache default page. I need to know the directories to take an action.

Even when I try to go /WebDAV directory, it’s authenticated that means I need credentials.

Creds founded

I did research on google and find some default credentials and they worked tbh!

Exploitation

I did know cadaver. It is a great tool to connect /webdav. I tried my creds to get into /WebDAV and upload my PHP shell right here.

Then I got shell!

Privilege Escalation

Every time I go through Privilege Escalation, I use LINPEAS.SH. This script can give you a lot of good ways to get root.

That means I can read /root/root.txt with cat :)