TryHackMe WriteUp: Agent T
Challenge Name: Agent T by John Hammond
Let’s spin up the machine…
Enumeration
We need to check which services are available on the host. Any misconfiguration in these services could let us compromise the box.
sudo nmap -A -Pn -T5 10.10.181.117
Now, check port 80.
Go through the website and see if it takes any input.
Check the headers with Burp.
We see “PHP/8.1.0-dev” in the response. Let’s check for any vulnerabilities.
Exploitation
“An early release of PHP, the PHP 8.1.0-dev version was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed. If this version of PHP runs on a server, an attacker can execute arbitrary code by sending the User-Agentt header.”
Exploit: https://github.com/flast101/php-8.1.0-dev-backdoor-rce
Before cloning the repo, check whether the exploit contains any malicious code ;)
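From the defender's side, the two observations above (the “PHP/8.1.0-dev” banner in the response and the User-Agentt request header) become two simple checks. This is an added example, not part of the original write-up or the linked repository; the function names and sample messages are constructed, and the sample response assumes the banner arrives in an X-Powered-By header.

```python
# Added example: defender-side checks for the PHP 8.1.0-dev backdoor.
# Function names and all sample messages are constructed for illustration.

BACKDOORED_BANNER = "PHP/8.1.0-dev"  # version string seen in the response above
TRIGGER_HEADER = "user-agentt"       # header named in the quoted advisory (double "t")


def parse_headers(raw):
    """Return [(name, value)] from the head of a raw HTTP message."""
    # Only the part before the first blank line is headers; the body is ignored
    # so that a body containing "User-Agentt:" does not cause a false positive.
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def response_is_backdoored_build(raw_response):
    """True if any response header advertises the backdoored PHP build."""
    return any(BACKDOORED_BANNER in v for _, v in parse_headers(raw_response))


def request_uses_trigger_header(raw_request):
    """True if the request carries the misspelled User-Agentt header."""
    return any(n.lower() == TRIGGER_HEADER for n, _ in parse_headers(raw_request))


# Constructed samples. X-Powered-By is an assumption; the check scans every header.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nX-Powered-By: PHP/8.1.0-dev\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
SAMPLE_BENIGN_REQUEST = (
    "GET / HTTP/1.1\r\nHost: lab.example\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
)
SAMPLE_SUSPECT_REQUEST = (
    "GET / HTTP/1.1\r\nHost: lab.example\r\nUser-Agent: Mozilla/5.0\r\n"
    "USER-AGENTT: <placeholder value>\r\n\r\n"
)

if __name__ == "__main__":
    print("backdoored build:", response_is_backdoored_build(SAMPLE_RESPONSE))
    print("benign request flagged:", request_uses_trigger_header(SAMPLE_BENIGN_REQUEST))
    print("suspect request flagged:", request_uses_trigger_header(SAMPLE_SUSPECT_REQUEST))
```

Legitimate clients do not send a header named User-Agentt, so any hit on the request check is worth investigating regardless of the header's value.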
Get Flag
Thank You for reading. Knowledge is power, so keep gaining!😈