TryHackMe | Source | Walkthrough

3 min read · Jan 4, 2025

Exploit a Recent Webmin Vulnerability and Take Control
#Cybersecurity #Writeup #TryHackMe

The SOURCE room on TryHackMe challenges us to exploit a vulnerability in Webmin, a web-based system configuration tool. It’s a straightforward task but offers good practice for beginners. Let’s walk through it step by step.

Step 1: Enumeration with Nmap

As with any challenge, we begin with nmap to scan the target IP for open ports and services.

nmap -sV -sC -A source.thm

Results:

  • Port 22: SSH
  • Port 10000: Webmin (default port)

The Webmin service becomes our point of entry. Accessing it through https://source.thm:10000 brings up the Webmin login page.

Unfortunately, we lack credentials for both SSH and Webmin.

Step 2: Directory Brute-Forcing with Gobuster
