Tryhackme
Enumeration
nmap -sC -sV -oN nmap/initial $IP
First we list with nmap and we can see that we have 3 open ports, on 21,22,80 we will continue listing.
FTP
We log in as an anonymous user since in the nmap scan we could see that we have allowed ourselves to log in without credentials and we obtain the two txt documents that we find and read.
Here we find the user "lin" which we will use to brute force hydra with the possible passwords that we find in the file "locks.txt".
BruteForce
Now you should bruteforce the password for the user "lin" and you get the password to login into ssh.User Flag.
Root flag and priesc
For the privilege escalation part we use the binary "tar" that with a "sudo -l" we can see that we can execute it as root without password. We must place the following line in our command terminal: "sudo tar -cf / dev / null / dev / null --checkpoint = 1 --checkpoint-action = exec = / bin / sh"
Enjoy this tutorial and comment here!
By Zer0cool101
Post a Comment
Comments here, cracks!