TryHackMe | CTF | Hackaish

Spin up your Kali, it’s CTF time. Check out this box at https://tryhackme.com/room/box17hackaish

1. Information Gathering: Using nmap to gather details of the target machine, I found that ports 80 and 22 are open. Let’s enumerate to find out what’s on port 80. Alternatively, I used gobuster to enumerate the possible directories.

We have the username “ram”; let’s find the password.

2. Brute Forcing:
Since I have information on the username, it is hydra time: keeping the username as ram and using the dictionary rockyou.txt to brute force the credentials.

3. Capturing the user flag

This was straightforward. Since I have the username and password from the previous steps, I can ssh into the machine using the same credentials.

4. Capturing the root flag
It took some time to figure out how to elevate privileges. Initially, I was trying with linpeas, but I was unsuccessful in getting any hints to move ahead. Finally, I used the sudo -l command to figure out any escalation chances. Indeed, the shell can be pwned through the less command since it can be run by anyone.

I went to GTFOBins to see if there is any privilege escalation information on less. Yes, I found one.
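From the defender's side, the misconfiguration in step 4 is a sudoers rule that lets a user run a pager without the NOEXEC tag. The following added example (not part of the original write-up) audits `sudo -l` output for such rules; the sample listing, the host name and the binary list are constructed assumptions.

```python
import os
import re

# Illustrative subset of binaries with documented shell escapes on GTFOBins
# (assumption: extend for your environment, this is not exhaustive).
SHELL_ESCAPE = {"less", "more", "man", "vi", "vim", "nano", "awk", "find", "env"}

# One rule line of `sudo -l`: "(runas) TAG: TAG: cmd, cmd"
ENTRY = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

# Constructed sample listing (user and host names are placeholders).
SAMPLE = """\
Matching Defaults entries for ram on box:
    env_reset, mail_badpass

User ram may run the following commands on box:
    (ALL) NOPASSWD: /usr/bin/less
    (root) NOEXEC: /usr/bin/less /var/log/syslog
    (ALL : ALL) /usr/bin/systemctl restart nginx, /usr/bin/vim /etc/hosts
"""

def audit_sudo_listing(text):
    """Return (runas, command, reason) for each risky rule in `sudo -l` output."""
    findings = []
    in_rules = False
    for line in text.splitlines():
        if "may run the following commands" in line:
            in_rules = True
            continue
        m = ENTRY.match(line) if in_rules else None
        if not m:
            continue
        tags = set(re.findall(r"[A-Z_]+", m.group("tags")))
        # Commands are comma-separated; a literal comma in arguments is escaped.
        for cmd in re.split(r"(?<!\\),\s*", m.group("cmds").strip()):
            if not cmd:
                continue
            if cmd == "ALL":
                findings.append((m.group("runas"), cmd, "unrestricted command set"))
            elif os.path.basename(cmd.split()[0]) in SHELL_ESCAPE and "NOEXEC" not in tags:
                findings.append((m.group("runas"), cmd, "shell escape possible, no NOEXEC tag"))
    return findings

if __name__ == "__main__":
    for runas, cmd, reason in audit_sudo_listing(SAMPLE):
        print(f"[!] as ({runas}): {cmd} -> {reason}")
```

NOEXEC only constrains dynamically linked programs, so removing the rule or replacing it with a narrower one (for example sudoedit for file viewing and editing) is the more robust fix.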

WOop.. WOOp.. root flag found. Feeling hackaish, aren’t we?

Follow me on Medium and leave some claps if this was useful.
Peace✌🏽

Kapish Kuchroo

Receiving and Perceiving misconfigurations in the computing systems