Lazy Admin Exploit, Contribute to 0xRar/LazyAdmin-Writeup development by creating an account on GitHub. However, to find an exploit you normally need the CMS and the version number, currently we are missing the version number. To solve this machine, we need to retrieve two flags hidden within files that are only accessible to local system This was a Linux machine that involved exploiting a backup disclosure issue to gain access and a misconfigured root Bash script to escalate. Muscle memory kicked in, but admin:admin does not work. Let’s login (with backup creds). https://github. This includes scanning, enumeration, exploitation, and privilege escalation, leading to the capture of both user and root flags. Therefore we may want to be on the lookout for outdated or unpatched software with a known vulnerability, weak passwords, or default credentials; as these are all hallmarks of a lazy admin. 12. Webpage Admin Area The other interesting dirbuster result is /content/as/, this gives the login for the admin area. Use public exploits and misconfigured settings to your advantage! This repository contains a few of my writeups I made for the famous and addictive TryHackMe CTF (Capture The Flag) challenges. This writeup helps you solve the easy box LazyAdmin on TryHackMe. This writeup details the methodology I used to compromise the “LazyAdmin” TryHackMe machine. gg/NS9UShnTryHackMe Official Discord: https://discord Easy linux machine to practice your skills Ready to learn Cyber Security? Create your free account today! TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment. LazyAdmin is a easy machine of TryHackMe platform, in it, we will exploit a vulnerability of arbitrary upload of files and a leak of credentials to obtain a shell in the system. it’s Possible to upload the Reverse PHP file on Media path. Then we have scanned our local network to find the victim machine’s ip address and then scanned the network to find the open ports and services. I checked the web page, but I couldn’t find anything on it. LazyAdmin is an easy level linux boot2root machine available on TryHackMe. 1. If you want to try it before reading you can find it here: LazyAdmin Welcome to my TryHackMe Lazy Admin walkthrough! 馃殌 In this video, I break down every step of solving the Lazy Admin challenge using Nmap, Feroxbuster, Exploit-DB. They assumed because the admin is “lazy,” that this would be easy. Directly after the keyword admin, the name manager appears, followed by passwd, followed by what seems to be a hashed password: Now, /content/as leads to a login prompt. A writeup for the room LazyAdmin from tryhackme. exploit-db. Does searchsploit know anything? Yes! We have some exploits! Since we don’t know the version, the best way to go is to select the newest possible exploit (since anything older is likely to have the same exploit as the newer version). Looking at the directiries we see the login page at http://MACHINE_IP/content/as/ Logging in gave us nothing , so lets check out the other exploit it will allow us to execute code , it means we can get a reverse shell Oct 7, 2024 路 If software is not updated, attackers can easily find known vulnerabilities and exploit them. Reverse Shell - User Flag Using the usual PHP reverse shell from pentestmonkey, I modified the exploit’s IP to match my host’s IP. ” This room is classified as easy and is a walkthrough-type … Fortunately, there was indeed something valuable in there: the admin password hash! He was a lazy admin indeed… Cracking the password: I know using Hashcat or John The Ripper is really cool, but the quickest way of cracking any hash is just throwing it against rainbow tables in the internet and pray for it to be in the database. This could be obtained by using the first exploit “Backup Disclosure”. We find a Backup Disclosure vulnerability. Then head to this directory to execute: After you click on the exploit, head back to your listener where you should now see a shell has spawned: Remember that you can create a better shell by using the following: Right now it seems I’m logged in as www-data. “Lazy Admin” Write-up Hi, this is going to be a walkthrough of a simple CTF challenge called “Lazy Admin” on Tryackme. Let's search Exploit-DB for a vulnerability we can exploit. While I’ve successfully tackled numerous… Follow me on Twitter: https://twitter. This writeup will go through each step required to complete the room. Let us have a look at the first exploit. This includes exploiting a vulnerability on SweetRice CMS to get login credentials and then uploading our reverse shell to get a low level shell and then exploiting a writable script to get a shell as user root. Thus, we could probably use this to get a reverse shell, since we already have admin access. Got user level revershell. The process involved network enumeration, web directory brute-forcing, CMS vulnerability Feb 1, 2026 路 Lazy Admin is an easy-difficulty CTF machine that demonstrates the risks of poor system administration practices, weak passwords, and misconfigured sudo permissions. We can login with the credentials found in the SQL database file and have a look around. 13. . It is a CTF-style box. Welcome to my writeup where I am gonna be pwning Lazy Admin from TryHackMe. com/exploits/40716 This repository contains a detailed walkthrough of the LazyAdmin room from TryHackMe. Mar 27, 2025 路 A complete walkthrough of the LazyAdmin room on TryHackMe, demonstrating enumeration, exploitation, and privilege escalation. The room focuses on exploiting a misconfigured web server, identifying weak credentials, and gaining root access on a Linux machine. Time to look around. sql file. Whether you’re new to hacking or already a seasoned pro, this guide is Lazy Admin— TryHackMe — CTF Writeup Hello everyone! This is a beginner-friendly room from the TryHackMe platform titled “Lazy Admin. Now we can see that port 22,80,139,445 and few Challenge link: Lazy Admin Reconnaissance & Information Gathering Nmap Scan The first step for us here is to enumerate the running services on the target system before doing anything. So without a further ado, let’s exploit. 11. I encourage everyone to follow along to get the most enjoyment … Hey there, cyber pros! Let’s dive into the ‘Lazy Admin’ CTF on TryHackMe. Fig 1. Jan 27, 2025 路 In this write-up, we’ll go through the steps to exploit the LazyAdmin machine from TryHackMe. I finally found the first flag by navigating to the In order to work with the second exploit we need a user name and password. on before we check that the page is developed by PHP. As the name is telling the Admin… TryHackMe LazyAdmin is a classic story of sysadmins being lazy. Backup Disclosure (Exploit-DB 40718) 2. Easy linux machine to practice your skills Have some fun! There might be multiple ways to get user access. Lazy Admin is an easy-level unguided room in TryHackMe. A writeup of everything found on LazyAdmin. Exploit: SweetRice CMS | Privilege Escalation: Misconfigured Perl Script Difficulty: Easy | Platform: TryHackMe | Focus: Enumeration, RCE, Privilege Escalation Step 1: Reconnaissance Intro Hola Gente!! This time I’ll tell you how to solve Lazy Admin from Tryhackme. This post marks my first CTF write up, so if you stumble over this, keep this in mind and if you have suggestions for improving 10. So let’s get started. Hello, welcome to this walkthrough, today, we’re gonna explain, how to complete the room: Cat Pictures 2 on tryhackme. It describes itself as a box to practice Linux Privilege escalation … TryHackMe TryHackMe: Lazy Admin Writeup Explore and exploit a SweetRice CMS, find backups, crack hashes and find shady scripts. com/pentestmonkey/php-reverse-shell used this reverse shell and uploaded into the server using the mentoined exploit! Task 1 – Lazy Admin Question 1 – What is the user flag? THM{63e5bce9271952aad1113b6f1ac28a07} Question 2 – What is the root flag? THM{6637f41d0177b6f37cb20d775124699f} Also Read: Tryhackme – Learning Cyber Security [CTF Write-Up] Lazy Admin — TryHackMe Initial Enumeration The engagement began with an nmap scan to identify open services on the target. The Lazy Admin TryHackMe box provided an excellent opportunity to apply various penetration testing techniques, including scanning, enumeration, exploitation, and privilege escalation. com. com/darkstar7471Join my community discord server: https://discord. Let’s begin: Q1: What is the user flag? → Unlike the write-ups I … So this seems like an admin can add a malicious ‘ad’ to the website which can be a PHP file. Lazy Admin is a Linux machine to practice basic Linux and exploitation skills. After uploading let’s access it. The goal of the LazyAdmin room is to exploit a misconfigured web server and Upon scrolling down to line 79 we discover a large block of information with keywords such as admin, admin_email, author, admin, manager, passwd, etc. 1 Step:7 Googling it we got exploit is available on Exploit DB https://www. Let’s check the website: This is … Lazy Admin walkthrough TryHackMe Introduction It was an easy Linux machine that involved exploiting an issue with CMS SweetRice and then looking for a way to escalate your privileged. One interesting thing found here is this: This tell us there is a database running mysql attached to the server on localhost and gives us the Hello People, In this write up I have covered a walkthrough for the Tryhackme box called Lazy Admin. Let`s copy this exploit to current working directory using -m flag, and afterwards open it with python3. we got using Wappalyzer an extension on Firefox browser Tryhackme Lazy Admin Walkthrough Hello Players, In This blog I have covered a walkthrough for the LAZY ADMIN box in tryhackme, It is an another beginner level machine, that will cover topics … Lazy Admin — Try Hack Me CTF Challenge Easy Hacking Challenge Exploit The Edge · Follow This box is a good example of what can happen when you have an admin that is lazy or forgetful! TryHackMe — LazyAdmin Walkthrough TryHackMe | LazyAdmin This is an “easy” difficulity box on TryHackMe. As from exploit PHP Code Execution (I used pentest monkey php reverse shell). Today we’re gonna solve the Lazy Admin room on TryHackMe. 10 PHP upload Exploit Description According to the exploit description, It says that there is a SweetRice CMS Panel and there is a CSRF vulnerability in the Ads section of the panel which allows the Admin to execute PHP codes on the Server. The hacker Aleksey hacks TryHackMe’s LazyAdmin room. We need to find two flags user and… Hello guys ! Welcome back to our another blog. Categories: Linux, Web Application, CMS, Privilege Escalation… Like always the first thing we will do before starting the Lazy Admin machine on TryHackMe is to launch our OpenVPN config file, then we will start our machine. 1. Arbitrary File Upload (Exploit-DB 40716) This walkthrough demonstrates how I exploited the LazyAdmin room on TryHackMe. We now have a username and a password hash. It involves a misconfigured back-up which can be accessed on the site. Let's use it to exploit this CMS. If backups are not protected, attackers can download them and find sensitive information like Feb 4, 2018 路 LazyAdmin is rated as an easy room due to: Perfect for beginners learning web application exploitation and Linux privilege escalation fundamentals. Therefore, I TryHackMe- Lazy Admin CTF Name: LazyAdmin Description: Easy linux machine to practice your skills. Try Hack Me LazyAdmin Walkthrough Hey everyone, today’s walkthrough will be against THM’s LazyAdmin machine which can be found here. Ne4rBy Cyber Security Dumps <3, HTB Writeup, Hackthebox, HTB Walkthrough, THM Writeup, TryHackMe, THM Walkthrough Welcome back to another write-up of an "easy" TryHackMe room. Let's crack the logged in Sweet rice Version:1. TryHackMe LazyAdmin CTF Writeup I recently re-sparked my interest for InfoSec and started dabbling with a couple of hacking platforms and war games and stumbled over TryhackMe, which so far has been an absolutely fantastic learning resource for information security. This scan revealed two open ports: 22, running OpenSSH … Welcome! In this walk-through,we will embark on a step-by-step journey to conquer the Lazy-Admin room in TryHackMe. We know now that the target machine is using SweetRice CMS V1. Here, we can see that there are two open ports: one is port 22 for SSH, and the second one is port 80 for web traffic. Note: It might take 2-3 minutes for the machine to boot Greetings to the hacker community! I’m thrilled to present my first TryHackMe challenge write-up. 5. They were so wrong. com… TryHackMe write-up: LazyAdmin Introduction This is my write-up for TryHackMe’s LazyAdmin Room Enumeration Using nmap, we see that SSH and HTTP ports are open. 0. Based on the name, it’s a safe bet that the “admin” is lazy. This should give you a number of new subdirectories within /content. Found out that we need login credentials to run this exploit. This challenge has two flags, and our goal is to capture both… TryHackMe ’s Lazy Admin room is an easy-level room involving a publically accessible backup file, password cracking, reverse shells, and scripts. We download and open the mysql_bakup_20191129023059-1. 8xljv, d4ef, bdak, ad1ca, dzvgl, rd1mo, smj9, 2cxab, hdei, wqwhf,