Billing: TryHackMe Writeup
Hacking the Books (Literally) 📜💸
If you’ve ever felt like your internet bill was highway robbery, you’re not alone. But today, we’re not complaining — we’re hacking the billing system itself! Welcome to TryHackMe’s Billing room, where we turn security misconfigurations into root shells. 🚀
📡 Initial Enumeration
We kick things off with our trusty nmap scan:
nmap -sC -A 10.10.157.253
We find:
- 22/tcp — SSH (OpenSSH 8.4p1)
- 80/tcp — HTTP (Apache 2.4.56, hosting MagnusBilling)
- 3306/tcp — MySQL (MariaDB, unauthorized)
So, we’ve got a web service, a database, and a VoIP manager. Smells like misconfigurations are in the air! 🔍
💻 Web Enumeration
Navigating to http://10.10.157.253/mbilling/, we see MagnusBilling, a VoIP billing system, as shown in the figure below: