TryHackMe

 Hello fellow hackers, I am back with another write-up for you all so let's get started.  Today we are doing Undiscovered box on tryhackme.com created by ch4rm .  The topics we are going to cover are:- Virtual hosts enumeration CMS bruteforcing Getting reverse-shell using an exploit from exploit-db Mounting file system and accessing data of victim machine on our local machine Horizontal privilege escalation using a script on victim machine And finally privilege escalation using vim.basic capabilities So let's get started, Virtual Hosts Enumeration As our general methodology goes, we'll start with an nmap scan # Nmap 7.80 scan initiated Tue Nov 10 01:56:45 2020 as: nmap -sC -sV -oN nmapscans 10.10.122.39 Nmap scan report for undiscovered . thm ( 10.10 . 122.39 ) Host is up ( 0.40 s latency) . Not shown: 996 closed ports PORT STATE SERVICE VERSION 22 / tcp open ssh OpenSSH 7.2 p2 Ubuntu 4 ubuntu2 . 10 (Ubuntu Linux; protocol 2.0 ) | ssh - hostkey: | ...