TryHackMe: Basic Pentesting
#1 Deploy the machine and connect to our network.
- ( Completed ).
#2 Find the services exposed by the machine.
- ( 80, 22, 139, 445,..) Via Nmap/Zenmap.
#3 What is the name of the hidden directory on the webserver(enter name without /)?
- ( ‘/development’, Found Via dirsearch ).
#4 User brute-forcing to find the username & password.
- ( Completed ).
#5 What is the username?
- ( ‘jan’ found Via enum4linux).
#6 What is the password?
- ( jay:armando found Via Hydra with SSH ).
#7 What service do you use to access the server(answer in abbreviation in all caps)?
- ( SSH ).
#8 Enumerate the machine to find any vectors for privilege escalation.
- ( Completed).
#9 What is the name of the other user you found(all lower case)?
- ( ‘kay’ found Via enum4linux).
#10 If you have found another user, what can you do with this information?
- ( Completed).
#11 What is the final password you obtain?
- ( ‘ heresareallystrongpasswordthatfollowsthepasswordpolicy$$’ ) — Found Via PEASS and JohnTheRipper.