JPGChat — TryHackMe

0xsanz
5 min read · Mar 1, 2021

This is a write-up of the TryHackMe room JPGChat. The room is rated Easy and, according to its description, we have to exploit a poorly made custom chat service written in a certain language. Judging by the room's logo, that language looks to be Python. The task is to get both the user and root flags. As always, start the enumeration process by running Nmap scans.

Enumeration

NMAP

# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- 10.10.56.110

┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -sS -Pn -T4 -p- 10.10.56.110
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-28 14:25 EST
Nmap scan report for 10.10.56.110
Host is up (0.021s latency).
Not shown: 65533 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3000/tcp open  ppp

# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p22,3000 10.10.56.110

┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -O -A -Pn -T4 -p22,3000 10.10.56.110
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times…


0xsanz

Software developer with a keen interest in security, privacy and pen-testing. Certs: Security+, PenTest+, AZ900, AZ204, AZ500