Conquering the ‘Source’ Room on TryHackMe: A Noteworthy Achievement
On the 28th day of my #100DaysOfCybersecurity journey, I accomplished a notable milestone by successfully navigating through the ‘Source’ room on TryHackMe. This challenge captivated my interest as it focused on exploiting a known vulnerability in Webmin, a popular web-based system configuration tool for Unix systems.
Exploring CVE-2019-15107: Understanding a Critical Security Vulnerability
At the heart of this challenge was the task to understand and exploit CVE-2019-15107, a significant security vulnerability identified in 2019 in Webmin. My journey through this challenge brought to light several critical aspects:
- Type of Vulnerability: Remote code execution. This category of vulnerability is extremely critical as it enables attackers to run arbitrary commands on the server.
- Versions Impacted: The vulnerability impacted Webmin versions from 1.882 through 1.921, in certain configurations.
- Root Cause: An inadvertent flaw in Webmin version 1.890 allowed unauthenticated users the capability to execute commands with root privileges, creating a substantial security threat.
- Impact: Exploiting this vulnerability could lead to full control over the system, with risks like data theft, malware installation, and disruption of services.
- Resolution: In response to this vulnerability, the Webmin team quickly released an update (version 1.930) to patch this security issue.
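For defenders, the version facts listed above can be turned into a quick exposure triage over an inventory of HTTP Server headers. This is an added example, not code from the original post or from the Webmin project. It assumes an inventory of "host banner" lines (a hypothetical format) and relies on Webmin's built-in web server reporting itself as MiniServ/<version>; the label names are illustrative.

```python
import re

# Version bounds as stated in the write-up above, as (major, minor).
AFFECTED_MIN = (1, 882)
AFFECTED_MAX = (1, 921)
NO_AUTH_RCE = (1, 890)   # the release the write-up singles out
FIXED = (1, 930)

BANNER_RE = re.compile(r"MiniServ/(\d+)\.(\d+)")

def parse_version(banner):
    """Extract (major, minor) from a 'MiniServ/x.yyy' Server header, else None."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(banner):
    """Map a banner to a triage label for CVE-2019-15107."""
    v = parse_version(banner)
    if v is None:
        return "unknown"              # hidden or non-Webmin banner: verify on the host
    if v == NO_AUTH_RCE:
        return "patch-now"
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected-check-config"
    if v >= FIXED:
        return "patched"
    return "review"                   # outside the stated range but below the fix

def triage(inventory_lines):
    """Group 'host banner' lines by label; malformed lines land under 'unknown'."""
    report = {}
    for line in inventory_lines:
        host, _, banner = line.strip().partition(" ")
        report.setdefault(classify(banner), []).append(host)
    return report

# Constructed sample inventory (addresses from the documentation range).
SAMPLE = [
    "192.0.2.10 Server: MiniServ/1.890",
    "192.0.2.11 Server: MiniServ/1.920",
    "192.0.2.12 Server: MiniServ/1.930",
    "192.0.2.13 Server: nginx",
    "192.0.2.14 Server: MiniServ/1.870",
]

if __name__ == "__main__":
    for label, hosts in sorted(triage(SAMPLE).items()):
        print(f"{label}: {', '.join(hosts)}")
```

A banner can be altered or suppressed, so treat "unknown" and "patched" results as a starting point and confirm the installed version on the host itself.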
Gaining Knowledge Through Practical Application
This challenge extended beyond mere exploitation of a vulnerability; it was an enriching experience in understanding secure coding practices and the necessity for frequent software updates. Using Metasploit for this task, I gained valuable hands-on experience and insights into the practical application of these tools for identifying and mitigating security vulnerabilities.
Progressing Forward
Successfully completing the ‘Source’ room using Metasploit marks a significant advancement in my cybersecurity learning journey. It emphasizes the importance of hands-on experience in effectively identifying and addressing cybersecurity threats. As I progress through the #100DaysOfCybersecurity challenge, each step not only enhances my technical abilities but also solidifies my dedication to the dynamic and critical field of cybersecurity.
Connect with me on LinkedIn: https://www.linkedin.com/in/nishaprudhomme/