This article details a cybersecurity challenge on TryHackMe where a vulnerable TeamCity server was exploited using CVE-2024-27198 to gain remote code execution. It also covers forensic analysis with Splunk to detect attacker activities like backdoor user creation, malicious package installation, and uploaded plugins. #CVE-2024-27198 #TeamCity #Splunk #Metasploit #backdoor
Key points
- The challenge involved exploiting a TeamCity 2023.11.3 server using an authentication bypass vulnerability.
- The attacker used Metasploit to deliver a malicious plugin and obtain a meterpreter shell.
- Post-exploitation forensic work was performed with Splunk to analyze logs and detect attacker activities.
- A backdoor user named “eviluser” was created during the attack.
- Malicious activities included installing a package called “datacollector” and uploading a plugin named “AyzzbuXY.zip”.
Read More: https://infosecwriteups.com/brains-tryhackme-walkthrough-8be300aa8d87?source=rss----7b722bfd1b8d---4