Source TryHackMe Writeup

Mohamed Ali
4 min read · Aug 13, 2024


Source

I am going to walk you through the machine “Source”, a beginner-friendly room on TryHackMe.

I’ll show you the shortest way I know to solve this machine. Don’t be surprised at how short it is.

Room Link is here.

Let’s start. First things first: deploy the machine.

TASK 1 EMBARK

Enumerate and root the box attached to this task. Can you discover the source of the disruption and leverage it to take control?


This virtual machine is also included in the room AttackerKB as part of a guided experience. Additionally, you can download the OVA of Source for offline usage from https://www.darkstar7471.com/resources.html

Let’s start with the basics.

Running Nmap gives the following output:

$ sudo nmap -v 10.10.150.18
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-05 19:14 IST
Initiating Ping Scan at 19:14
Scanning 10.10.150.18 [4 ports]
Completed Ping Scan at 19:14, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:14
Completed Parallel DNS resolution of 1 host. at 19:14, 0.35s elapsed
Initiating SYN Stealth Scan at 19:14
Scanning 10.10.150.18 [1000 ports]
Discovered open port 22/tcp on 10.10.150.18
Discovered open port 10000/tcp on 10.10.150.18
Completed SYN Stealth Scan at 19:15, 2.37s elapsed (1000 total ports)
Nmap scan report for 10.10.150.18
Host is up (0.16s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
10000/tcp open  snet-sensor-mgmt
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 3.19 seconds
           Raw packets sent: 1018 (44.768KB) | Rcvd: 1002 (40.088KB)

As we can see, two ports are open: 22 (SSH) and 10000. We don’t have a username or password for SSH, so we can’t go any further there.

So let’s visit port 10000 instead.

The page I got told me to try the URL with https. Visiting again over https, the URL becomes https://<ip address>:10000.

You’ll get a certificate error; go to the advanced options and proceed to the site. I saw a login page served by Webmin. Webmin is a web-based system configuration tool for Unix-like systems. Again we don’t know the credentials, so what next?

Then I had the idea of using Metasploit to check whether Webmin has any known vulnerabilities.

Here is the output:

$ msfconsole -q
msf6 > search webmin

Matching Modules
================

   #  Name                                         Disclosure Date  Rank  Check  Description
   -  ----                                         ---------------  ----  -----  -----------
   0  auxiliary/admin/webmin/edit_html_fileaccess  2012-09-06                    edit_html.cgi file Parameter Traversal Arbitrary File Access
   1  auxiliary/admin/webmin/file_disclosure                                     File Disclosure
   2  exploit/linux/http/webmin_backdoor                                         password_change.cgi Backdoor
   3  exploit/linux/http/webmin_packageup_rce                                    Package Updates Remote Command Execution
   4  exploit/unix/webapp/webmin_show_cgi_exec                                   /file/show.cgi Remote Command Execution

I was very happy to see that vulnerabilities exist. Be careful here: we need a module that doesn’t ask for any credentials.

I used number 2, exploit/linux/http/webmin_backdoor. Let’s exploit.

We need to set RHOSTS and LHOST, and the important option is SSL, which is false by default. It has to be set to true for the exploit to succeed, because the service only answers over https. With those options filled in, simply type run or exploit.

We got the shell. HOORAY!!!!

But it is unstable, so let’s upgrade it with the following command.

python3 -c 'import pty;pty.spawn("/bin/bash")'

Now it’s party time: we have a stable shell.

Now let’s find the user and root flags. The root flag is in the /root directory, of course.

To read the user flag, go to /home/dark and cat user.txt.
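From the defender’s side, the backdoor module used above hits Webmin’s password_change.cgi without ever logging in, which leaves a trace in the access log. The following is an added example (not part of this writeup or of Webmin itself) that flags such requests in a miniserv.log-style access log; it assumes Common Log Format lines, and the sample log is constructed.

```python
import re

# Constructed sample access log in Common Log Format, the layout Webmin's
# miniserv.log uses. Addresses, timestamps and sizes are made up for this example.
SAMPLE_LOG = """\
10.10.14.5 - - [05/Mar/2021:19:20:01 +0000] "GET /session_login.cgi HTTP/1.1" 200 1552
10.10.14.5 - - [05/Mar/2021:19:20:03 +0000] "POST /session_login.cgi HTTP/1.1" 302 0
10.10.14.9 - - [05/Mar/2021:19:21:44 +0000] "POST /password_change.cgi HTTP/1.1" 200 483
10.10.14.9 - - [05/Mar/2021:19:21:45 +0000] "POST /password_change.cgi HTTP/1.1" 200 512
"""

# client - - [timestamp] "METHOD /path HTTP/x" status ...
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoint abused by the webmin_backdoor module (assumption: Webmin exposes it
# at the web root, as it does on a default install).
SUSPECT_PATH = "/password_change.cgi"
LOGIN_PATH = "/session_login.cgi"


def find_suspicious_hits(log_text):
    """Return (ip, timestamp, status) for every password_change.cgi request
    from a client that never posted a login earlier in the same log.

    Caveat: a user whose password has genuinely expired also reaches this
    endpoint before logging in, so treat hits as review items, not as proof.
    """
    logged_in = set()
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed or non-access lines
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0]  # drop any query string
        if path == LOGIN_PATH and method == "POST":
            logged_in.add(ip)
        elif path == SUSPECT_PATH and ip not in logged_in:
            hits.append((ip, m["ts"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, ts, status in find_suspicious_hits(SAMPLE_LOG):
        print(f"unauthenticated password_change.cgi hit from {ip} at {ts} (HTTP {status})")
```

The lasting fix is the one the root flag hints at: update Webmin to a release that no longer carries the backdoored password_change.cgi.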

1. User.txt Flag

THM{SUPPLY_CHAIN_COMPROMISE}

2. Root.txt Flag

THM{UPDATE_YOUR_INSTALL}
