TryHackMe: Bounty Hacker
- Deploy the machine.
[Completed] - Find open ports on the machine.
* Zenmap.
- Who wrote the task list?
* access FTP
* ls-la to list directories
* get files. (download)
* cat files (read) and answer found.
- What service can you brute force with the text file found?
* Zenmap.
- What is the users password?
* access HTTP <ip>
— check source page (nothing found)
— Multiple user names found.
— create a list with all names found and save it.
— file named “locks.txt” downloaded from FTP, use as a password file.
* Bruteforce SSH using Hydra.
* User Logon name and password found.
- user.txt?
* login “lin” using ssh.
* ls -la = listing directories.
* cat = to read file.
- root.txt?
* privilege escalation.
* sudo -l = the -l (list) option will list the allowed (and forbidden) commands for the invoking user.
* Checking GTFOBins for sudo commands.
* Run the found command from GTFO.
* cd (change) directory and cat (read) “root.txt” file.