TryHack3M: Bricks Heist

April 17, 2024

Task 1: Challenge

First, we have to add the target's IP to /etc/hosts as bricks.thm.

# Nmap 7.94 scan initiated Wed Apr 17 12:46:16 2024 as: nmap -sC -sV -oN nmap -vv 10.10.104.208
Increasing send delay for 10.10.104.208 from 5 to 10 due to 11 out of 14 dropped probes since last increase.
Increasing send delay for 10.10.104.208 from 10 to 20 due to 11 out of 15 dropped probes since last increase.
Nmap scan report for bricks.thm (10.10.104.208)
Host is up, received syn-ack (0.30s latency).
Scanned at 2024-04-17 12:46:16 PST for 142s
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE SERVICE  REASON  VERSION
22/tcp   open  ssh      syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 5e:89:d0:d2:48:d4:18:83:48:e8:ab:1f:fc:28:6a:d3 (RSA)
|   256 e3:10:af:92:38:39:00:04:a9:6b:26:f4:25:7f:3b:7a (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNUCluz0/6BCWD3bMhaUqhLzAwmlRBHBba4x3xxVYZ3A+3ORAncakjNC+9XfL3cyUlvq7g5hRPw5ROuhcWmsxmI=
|   256 6b:db:02:32:ab:20:11:f2:d0:2b:c1:b5:b2:8a:91:99 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2oqRDeef0Q/Nc9ZKl3AnsevKhL5WAbHYSgifv4zUZC
80/tcp   open  http     syn-ack WebSockify Python/3.8.10
|_http-title: Error response
|_http-server-header: WebSockify Python/3.8.10
| fingerprint-strings: 
|   GetRequest: 
|     HTTP/1.1 405 Method Not Allowed
|     Server: WebSockify Python/3.8.10
|     Date: Wed, 17 Apr 2024 04:46:59 GMT
|     Connection: close
|     Content-Type: text/html;charset=utf-8
|     Content-Length: 472
|     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|     "http://www.w3.org/TR/html4/strict.dtd">
|     <html>
|     <head>
|     <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
|     <title>Error response</title>
|     </head>
|     <body>
|     <h1>Error response</h1>
|     <p>Error code: 405</p>
|     <p>Message: Method Not Allowed.</p>
|     <p>Error code explanation: 405 - Specified method is invalid for this resource.</p>
|     </body>
|     </html>
|   HTTPOptions: 
|     HTTP/1.1 501 Unsupported method ('OPTIONS')
|     Server: WebSockify Python/3.8.10
|     Date: Wed, 17 Apr 2024 04:47:00 GMT
|     Connection: close
|     Content-Type: text/html;charset=utf-8
|     Content-Length: 500
|     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|     "http://www.w3.org/TR/html4/strict.dtd">
|     <html>
|     <head>
|     <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
|     <title>Error response</title>
|     </head>
|     <body>
|     <h1>Error response</h1>
|     <p>Error code: 501</p>
|     <p>Message: Unsupported method ('OPTIONS').</p>
|     <p>Error code explanation: HTTPStatus.NOT_IMPLEMENTED - Server does not support this operation.</p>
|     </body>
|_    </html>
443/tcp  open  ssl/http syn-ack Apache httpd
| tls-alpn: 
|   h2
|_  http/1.1
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=US
| Issuer: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-04-02T11:59:14
| Not valid after:  2025-04-02T11:59:14
| MD5:   f1df:99bc:d5ab:5a5a:5709:5099:4add:a385
| SHA-1: 1f26:54bb:e2c5:b4a1:1f62:5ea0:af00:0261:35da:23c3
|_http-favicon: Unknown favicon MD5: 000BF649CC8F6BF27CFB04D1BCDCD3C7
| http-robots.txt: 1 disallowed entry 
|_/wp-admin/
|_http-server-header: Apache
|_http-generator: WordPress 6.5
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Brick by Brick
|_ssl-date: TLS randomness does not represent time
3306/tcp open  mysql    syn-ack MySQL (unauthorized)
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Apr 17 12:48:38 2024 -- 1 IP address (1 host up) scanned in 142.57 seconds

This is the front page of https://bricks.thm

whatweb https://bricks.thm/
https://bricks.thm/wp-login.php
/robots.txt
https://bricks.thm/phpmyadmin/

SOOOOOOOOOOOOOOOOOOOOOOOOOONNNNNNN
