Couch TryHackMe Writeup

Scanning

We ran nmap with script scanning and service version detection.

Enumeration

We access the site, and at first glance we see a CouchDB information leak.

List all the databases

Display information about the database we specify

Example of obtaining relevant information:

Exploitation

Now that we know how it works, let’s check the database called “secret” and get some credentials in plain text.
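The steps above work only because the CouchDB HTTP API answers anonymous requests. The following is an added example, not part of the original writeup: a check to run against an instance you administer, reporting what it exposes without credentials. The host `couch.example`, the sample responses and the function names are constructed for illustration; `/_all_dbs` and `/{db}/_all_docs` are CouchDB's standard endpoints.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed responses standing in for a misconfigured instance (not captured output).
SAMPLE = {
    "http://couch.example:5984/": (200, {"couchdb": "Welcome", "version": "0.0.0"}),
    "http://couch.example:5984/_all_dbs": (200, ["_users", "secret"]),
    "http://couch.example:5984/_users/_all_docs?limit=0": (401, {"error": "unauthorized"}),
    "http://couch.example:5984/secret/_all_docs?limit=0": (200, {"total_rows": 1, "rows": []}),
}


def http_get(url, timeout=5):
    """Unauthenticated GET; returns (status, parsed JSON or None)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        return status, json.loads(raw)
    except ValueError:
        return status, None


def audit_couchdb(base_url, get=http_get):
    """Report what a CouchDB instance exposes to an anonymous client."""
    base = base_url.rstrip("/")
    report = {"version": None, "anonymous_db_list": False, "readable_dbs": []}
    status, body = get(base + "/")
    if status == 200 and isinstance(body, dict):
        report["version"] = body.get("version")  # version banner is disclosed
    status, dbs = get(base + "/_all_dbs")
    if status != 200 or not isinstance(dbs, list):
        return report  # database listing requires authentication
    report["anonymous_db_list"] = True
    for db in dbs:
        # limit=0 confirms read access without retrieving any document
        url = f"{base}/{urllib.parse.quote(db, safe='')}/_all_docs?limit=0"
        status, body = get(url)
        if status == 200 and isinstance(body, dict) and "total_rows" in body:
            report["readable_dbs"].append((db, body["total_rows"]))
    return report


if __name__ == "__main__":
    print(audit_couchdb("http://couch.example:5984", get=lambda u: SAMPLE.get(u, (404, None))))
```

Any entry in `readable_dbs` means documents in that database, including stored credentials, can be read by anyone who can reach the port.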

We log in through the SSH service and read the user.txt flag.

Privilege Escalation

We read the “.bash_history” file and find a record of a connection to Docker.

Reading the root flag