Neighbour newapp (TryHackMe) Writeups

 





Link to Room


Let's look for open ports using Nmap:

        # nmap -A -sC -sV -oN nmap.md (ip address)


Ports 80 and 22 are open. Let's check port 80 (http://10.10.159.114).



A login page appears. Under the login button there is a clue: a guest account is accessible, so we can log in with it. Viewing the page source reveals the credentials.



                                                    


Now we need to log in to the admin account. The page source contains a clue that the admin account is vulnerable. Let's check the URL:

                    http://10.10.159.114/profile.php?user=guest

By changing the user name from guest to admin, we can access the admin account:
                

                        http://10.10.159.114/profile.php?user=admin
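
The access-control flaw behind the `?user=` change above, shown as an added example rather than the room's actual source (which this page does not show): a hypothetical `profile.php` with the assumed vulnerable lookup next to a hardened one that takes identity from the session. The `PROFILES` data, the function names, and the `username` session key are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical profile.php, not the room's actual source.
session_start();

// Constructed sample data standing in for a user table.
const PROFILES = [
    'guest' => ['display' => 'Guest account'],
    'admin' => ['display' => 'Administrator'],
];

// Assumed vulnerable pattern: the profile is selected by the client-supplied
// ?user= value, so any logged-in user can name another account.
function profile_vulnerable(array $query): ?array
{
    $user = is_string($query['user'] ?? null) ? $query['user'] : '';
    return array_key_exists($user, PROFILES) ? PROFILES[$user] : null;
}

// Hardened pattern: identity comes from the server-side session set at login.
// A ?user= value is honoured only when it matches the session user.
function profile_hardened(array $session, array $query): ?array
{
    $sessionUser = $session['username'] ?? null;
    if (!is_string($sessionUser) || !array_key_exists($sessionUser, PROFILES)) {
        return null; // not authenticated
    }
    $requested = $query['user'] ?? $sessionUser;
    if ($requested !== $sessionUser) {
        // A mismatch is a useful detection signal; json_encode keeps the
        // client-supplied value on one log line.
        error_log('profile.php denied: session=' . $sessionUser
            . ' requested=' . json_encode($requested));
        return null;
    }
    return PROFILES[$sessionUser];
}

$profile = profile_hardened($_SESSION, $_GET);
if ($profile === null) {
    http_response_code(403);
    exit('Forbidden');
}
echo htmlspecialchars($profile['display'], ENT_QUOTES, 'UTF-8');
```

With the hardened handler, a session logged in as guest that requests `?user=admin` gets a 403 and leaves a log entry instead of the admin profile.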



                                                           Thanks for Reading





 

   

