Hello. I’m Sloane. And I’ll be doing the Basic Pentesting room from tryhackme.com. The room was created by ashu. Let’s get started!
I started by using rustscan. It found some open ports.
As a next step, I browsed to the IP address in my web browser. And this was the result:
I checked out the page source code.
The comment mentioned a dev note section. I assumed it is development. So I went to that page. And I was right, there was this development page.
It seems J has a weak password. I can brute-force it. But I don’t know J’s full name yet. So, I’ll enumerate SMB first. I used enum4linux for this.
I found these shares.
I found a text file in the anonymous share. And I downloaded it to my own machine.
I read it. There were 2 usernames. I know that J is Jan and his password is weak, so I can brute-force it now.
I used hydra and the rockyou.txt file. It took a bit of time but eventually it found the password.
Now, I can access the server via ssh.
There we go!
I checked out the home directory. There is also another user, as we see: Kay.
I checked the ssh directory.
As we see above, I have access to read and write. Using id_rsa I can access Kay’s machine. Let’s do it!
I copied the content of id_rsa to my machine. I gave it the correct permissions.
Now, I need the passphrase. I’ll use ssh2john first so john can understand the file. Then I’ll crack it using john.
It cracked it successfully. I’ll use the passphrase.
Awesome! I successfully accessed Kay’s machine.
Now, I’m able to read the pass.bak file.
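From the defender's side, the step that made this possible was Kay's id_rsa being accessible from another account. The following audit is an added example, not part of the original walkthrough: it lists private keys under a home root whose permissions extend beyond the owner. The function names, the sample tree, the file modes and the key contents are all constructed for illustration.

```python
import os
import stat
import tempfile

def is_private_key(path):
    """True if the file starts with a PEM/OpenSSH private-key header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
    except OSError:
        return False
    return head.startswith(b"-----BEGIN") and b"PRIVATE KEY-----" in head

def audit_ssh_keys(home_root):
    """Return (path, octal mode) for private keys accessible beyond the owner."""
    findings = []
    for user in sorted(os.listdir(home_root)):
        ssh_dir = os.path.join(home_root, user, ".ssh")
        if not os.path.isdir(ssh_dir):
            continue
        for name in sorted(os.listdir(ssh_dir)):
            path = os.path.join(ssh_dir, name)
            if os.path.isfile(path) and is_private_key(path):
                mode = stat.S_IMODE(os.stat(path).st_mode)
                if mode & 0o077:  # any group/other permission bit is set
                    findings.append((path, oct(mode)))
    return findings

def build_sample_tree():
    """Constructed sample: two home directories in a temp dir (no real keys)."""
    root = tempfile.mkdtemp()
    samples = {
        ("kay", "id_rsa"): 0o644,      # readable by other users (constructed mode)
        ("kay", "id_rsa.pub"): 0o644,  # public key, fine to expose
        ("jan", "id_rsa"): 0o600,      # owner-only, the expected setting
    }
    for (user, name), mode in samples.items():
        ssh_dir = os.path.join(root, user, ".ssh")
        os.makedirs(ssh_dir, exist_ok=True)
        path = os.path.join(ssh_dir, name)
        body = b"ssh-rsa AAAA constructed\n" if name.endswith(".pub") \
            else b"-----BEGIN RSA PRIVATE KEY-----\nconstructed\n"
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for path, mode in audit_ssh_keys(build_sample_tree()):
        print(f"{mode} {path}")
```

On a real host, run it as root against `/home` so every `.ssh` directory can be read; any key it reports should be set to mode 600 and rotated, since a passphrase alone did not protect the key here.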
Thank you for reading!