This is a write-up for Kiba room from TryHackMe. This room can be found here:-
Room Description: Identify the critical security flaw in the data visualization dashboard, that allows execute remote code execution.
#1 What is the vulnerability that is specific to programming languages with prototype-based inheritance?
Check out the following link which describes this issue in details and will also give the answer:
#2 What is the version of visualization dashboard installed in the server?
Lets first enumerate the box using NMAP to find out all the open ports with the command:
sudo nmap -sS -Pn -T4 -p- 10.10.125.142
Lets find out what is running on these open ports using the command:
sudo nmap -O -A -Pn -T4 -p22,80,5044,5601 10.10.125.142
