Member-only story
THM - On-Premises IaC
A writeup for the room On-Premises IaC on TryHackMe
This room provides security guidance for on-premises infrastructure as code deployments.
This writeup only covers the last challenge in Task 7 - Attacking On-Prem IaC.
https://tryhackme.com/room/onpremisesiac
Footprinting
We can begin by performing an Nmap scan, which reveals two open ports: 22 and 80.
The webserver on port 80 returns an error and nothing more.
If we try to log in via SSH using the provided credentials (entry:entry), we can find a folder called iac that has a classic structure typical of a Vagrant deployment, as observed in other parts of the room.
Inside the Vagrantfile, we can see that there are two services: the first, called dbserver, is running MySQL on the IP address 172.20.128.3, and the second, called webserver, is located on the IP address 172.20.128.2
These addresses are private, meaning they are not directly accessible from your machine but only from the remote server. To access them, you can forward your connection using SSH tunneling or other…
