TryHackMe | CTF | Hackaish
Spin up your kali, it’s CTF time. Check out this box at https://tryhackme.com/room/box17hackaish
1. Information Gathering: Using nmap to gather details of the target machine. I found out port 80 and 22 is open. Let’s enumerate to find out what’s on the port 80. Alternatively, I used gobuster to enumerate on the possible directories.
2. Brute Forcing:
Since, I have information on the username. It is hydra time, keeping the username as ram and using dictionary rockyou.txt to brute force the credentials.
3. Capturing the user flag
This is was straight forward. Since I have the information on username and password through previous steps, I can ssh into the machine using the same credentials.
4. Capturing the root flag
It took some time to figure out the process to elevate the privilege's. Initially, I was trying with linpeas but , I was unsuccessful in getting any hints to move ahead. Finally, I used the sudo-l command to figure out any escalation chances. Indeed the shell can be pwned through less command since it can be run by anyone.
I went to GFTO bins to see if there are any privilege escalation information on less. Yes, I found one.
WOop.. WOOp.. root flag found. Feeling hackaish aren’t we.
Follow me on medium and leave some claps if this was useful.
Peace✌🏽