Couch

https://tryhackme.com/room/couch

User Flag

We start with port enumeration.

We see there are only two open ports (22,5984).

Port 5984 belongs to a datababase management system called CouchDB. If we google about it we can find there's a built-in administration interface on the following path:

http://IP:5984/_utils

If we head into the path we mentioned earlier we can see all databases in the system (We can list them too with the _all_dbs path).

Checking the "secret" database we find out some credentials.

Let's ssh into the machine using the found credentials.

We're in. Let's grab the flag.

Root Flag

Doing a basic manual enumeration we see the .bash_history file isn't empty.

Let's read the .bash_history file and see if we find something interesting.

That seems interesting. Let's follow the user steps.

We're in a privileged docker container. If we look around we can see we have access to root through the /mnt/ folder.

Easy, let's grab the root flag.

PreviousGit Happens NextSmag Grotto

Last updated 4 years ago

Was this helpful?