T3CH

Snoop & Learn about Technology, AI, Hacking, Coding, Software, News, Tools, Leaks, Bug Bounty, OSINT & Cybersecurity !¡! But, not limited 2, anything that is Tech Linked…You’ll probably find here ! ;) — Stay ahead with Latest Tech News! -> You write about? Just ping to join !


Billing: TryHackMe Writeup

Hacking the Books (Literally) 📜💸

Ansul Kotadia
Published in T3CH
4 min read, Mar 8, 2025

Billing THM

If you’ve ever felt like your internet bill was highway robbery, you’re not alone. But today, we’re not complaining — we’re hacking the billing system itself! Welcome to TryHackMe’s Billing room, where we turn security misconfigurations into root shells. 🚀

📡 Initial Enumeration

We kick things off with our trusty nmap scan:

nmap -sC -A 10.10.157.253

We find:

  • 22/tcp — SSH (OpenSSH 8.4p1)
  • 80/tcp — HTTP (Apache 2.4.56, hosting MagnusBilling)
  • 3306/tcp — MySQL (MariaDB, unauthorized)

So, we’ve got a web service, a database, and a VoIP manager. Smells like misconfigurations are in the air! 🔍

💻 Web Enumeration

Navigating to http://10.10.157.253/mbilling/, we see MagnusBilling, a VoIP billing system as shown in the figure below:
