TryHackMe — Jeff

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

TryHackMe — Jeff

Hi guys, I am Piyush Achärya, and today in this write-up I am going to show you how to complete the Jeff challenge. Let’s get started.

https://medium.com/media/277c473f5c13fbc650819876bbcf07f3/href

Description: Can you hack Jeff’s web server?

Link to Room: https://tryhackme.com/room/jeff

Level: Hard (Obviously it is😉)

Let’s Get Started

As usual, start up the machine and run some Nmap scan, Only two ports are open 22(SSH) and 80(Web Server). Nothing special 🙁

nmap -sC -sV -T4 -vv <IP> -oA nmap

Trying to visit the webserver gives a blank screen. So we need to add “jeff.thm” to/etc/hosts in order to access the website.

Let’s check what’s on the website. The site is static with no links. Browsing the site we don’t find anything interesting.

So, I started enumerating the website for hidden files and directories using dirsearch.

dirsearch -u http://jeff.thm –exclude-status 401

We find a few interesting directories /admin, /uploads, and /backups. On visiting the /uploads directory we have a ‘rabbit hole’ with a file upload functionality but nothing working. Then I tried recursively brute-forcing the /backups directory and found a filebackup.zip’.

Let’s unzip it to see

Read the article