Hello! I’m Sloane and today I’ll be doing the Brooklyn Nine Nine room from tryhackme.com. Room is Created by Fsociety2006. Room level is easy. Lets do it!
I started with pinging the target ip address to test the reachability. As we see below we can reach to the ip address.
And then I did run rustscan to scan our target and find some open ports, vulnerabilities, basically for gathering information.
It found out 3 open ports: 21, 22 and 80.
I started with ftp and connected to it. It’s already allowed for the anonymous login. In the ftp server I found a text file and downloaded it to my machine.
I opened and read the text file. With this text file I have some information. Firstly, I have three usernames which can be so useful for me and also I have an another information. Which is that Jake’s password is weak. So maybe I can bruteforce it. :)
I also wanted to search the ip address on the browser. I checked out the page source code.
There was a note which is about steganography. So, I downloaded the image maybe I can find some information on it.
I used steghide to inspect the image but it asked for a passphrase which I don’t have.
After it I did run gobuster to find files and directories from this ip address. But it didn’t find any useful thing. Then I moved to the first step which was about the knowledge that I found from the beginning. The weak password… I used hydra to bruteforce with using jake username and the target ip address. And I found the password. Which was weak enough as Amy said.
I connected to ssh via the information that I gathered so far.
I enumerated jake’s machine and found the user.txt.
My level was not enough to access all of the files. So I need to be super user. As a first step I used sudo -l command. It showed me a command which is less. I can use this command to be root basically. Because it says (ALL) which means all users can use this command.
I searched this command on GTFObins website.
And I run it.
Now I’m root and have access to all of the files and everything.
Thanks for reading!