Posts

Showing posts with the label opencats

TryHackMe | Empline Walkthrough

Image
  Are you good enough to apply for this job? Link :- https://tryhackme.com/room/empline Get all the flags to complete the room. Run a nmap scan to check for open ports Port 80 is open. Let us visit it Since this room hints at applying for a job- Let us click on “Employment”. This does not lead anywhere. Check source code of page :- Seems it refers to job.empline.thm/careers Let change our /etc/hosts file and link the IP to this Now the url works:- Click on “Show all jobs” and the “mobile dev” position We can click on “Apply to Position” This page allows us to upload a file. Interesting… Let’s find the OpenCats version by going to jobs.empline.thm:- A google search for exploit for opencats 0.9.4 leads us to an article by doddsecurity(.)com . CVE-2019–13358 Following the exploit method. Create a .docx file using python or libreoffice with some text in the file. In my case the text is “Fun time”. unzip the .docx file and then edit word/document.xml Add the below af...

Eonrec