
THM - Brains

Mar 28, 2025

A writeup for the room Brains on TryHackMe

The city forgot to close its gate.

https://tryhackme.com/room/brains

Task 1 - Red: Exploit the Server!

What is the content of flag.txt in the user’s home folder?

We can start by doing a scan with nmap.

We found three open ports: 22, 80, and 50000.

The web server on port 80 is under maintenance.

We found an instance of TeamCity on port 50000.

The server is running TeamCity 2023.11.3.

A quick online search will reveal that this version is affected by CVE-2024-27198, which allows authentication bypass and remote code execution.

https://nvd.nist.gov/vuln/detail/cve-2024-27198

There are many scripts already available to exploit this vulnerability.

In particular, I was able to successfully exploit the server with the following…


Written by Francesco Pastore

An engineering student in Milan and a web developer for an IT company. Write about programming and cybersecurity topics.
