This is a write-up for Kiba room from TryHackMe. This room can be found here:-
Room Description: Identify the critical security flaw in the data visualization dashboard, that allows execute remote code execution.
#1 What is the vulnerability that is specific to programming languages with prototype-based inheritance?
Check out the following link which describes this issue in details and will also give the answer:
#2 What is the version of visualization dashboard installed in the server?
Lets first enumerate the box using NMAP to find out all the open ports with the command:
sudo nmap -sS -Pn -T4 -p- 10.10.125.142
Lets find out what is running on these open ports using the command:
sudo nmap -O -A -Pn -T4 -p22,80,5044,5601 10.10.125.142
The most interesting thing that comes out of this NMAP scan is kibana running on port 5601 which is open source data visualization dashboard for Elasticsearch.
Open this in a browser and look around and we will get the version which we are looking for.
#3 What is the CVE number for this vulnerability? This will be in the format: CVE-0000–0000
Now we have the application name Kibana and a version, if we search we will find the CVE. The details can also be found Answer #1
#4 Compromise the machine and locate user.txt