The following is a semi-spoilerish walkthrough of the Tommy Boy VM from Vulnhub by 7MinSec.

Semi-spoilery write-up:

  • A port scan will reveal ports 80 and 8008 open. Explore them thoroughly, including /robots.txt, page source code, dirb results, etc.

  • That recon will lead you to a content management system where a keen eye and attention to detail will divulge a hash that needs to be cracked to continue.

  • From there you’ll learn of an unstable service running on the box that is only up at certain times of the day, but can be connected to with rather basic credentials.

  • After connecting to that service, you will receive a hint about a hidden "dropbox" area, which you can only connect to if you can present yourself a certain way to the site.

  • When the dropbox area is fully uncovered you’ll find some additional hints, including how to create a password list which will be used to crack a zip file full of passwords.

  • Armed with that information you will have another bit of brute-forcing to do before you have a complete set of SSH credentials.

  • Using the SSH credentials you should be able to restore the Callahan Web site, and then you’ve just got one last flag to grab before you can unlock the final treasure and consider the box pwn’d!

Written by: Brian Johnson

