TryHackMe | Bolt | Writeup
Feb 10, 2025
Notes: If you want the solution with the answers, go to the Writeup with Flags link
Find This Room: Bolt
Hack your way into the machine!
Initial Recon
We use Nmap:
22/tcp open ssh
80/tcp open http
8000/tcp open http (PHP 7.2.32-1)
We found three open ports.
Let’s try port 8000.
We found sensitive data for logging in.
Initial Access
I will log in with the sensitive data.
Now we log in as the admin account.
Find it on Exploit DB. What’s its EDB-ID?
Note: If you can’t find the exploit module, it’s most likely because your Metasploit isn’t updated. Run `apt update` then `apt install metasploit-framework`.
Now I use the exploit in Metasploit and set it up.
Post Exploitation
Now we find the flag.
ls
bolt
composer-setup.php
flag.txt
wc flag.txt
1 1 34 flag.txt
pwd
/home