Link: https://tryhackme.com/room/source
#1 “user.txt“
#2 “root.txt“
Use nmap to find open ports:
nmap -sCV 10.10.207.9
Access: https://10.10.207.9:10000/
So this web use Webmin, there is a CVE we can use, CVE-2019-15107.
We just need to use metasploit for this room.
Use this exploit and set RHOSTS, LHOST and SSL (true). Run and we will get two flags.
/home/dark/user.txt
/root/root.txt
ethan 