π°{THM} Bounty Hunter
Last updated
Last updated
You were boasting on and on about your elite hacker skills in the bar and a few Bounty Hunters decided they'd take you up on claims! Prove your status is more than just a few glasses at the bar. I sense bell peppers & beef in your future!
For this step, like always I will run nmap scan to find any open port.
Notice that 3 port are open where. Since port 80 is open, let find any directory first.
While waiting for scanning done, let login to ftp since it allow anonymous login.
connection timeout. Bug Ubuntu.
Bug detect :
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Fixed with :
sudo ip li set mtu 1200 dev tun0
After we fix the problem, now we can access the file in ftp. (no picture) In this file, it have 2 text file. Let download it and open in our machine.
After looking around, locks.txt file look like credential and task.txt have some name.
Since we have the name and list of password, let brute-force it.
hydra -l list -P <filename> -t 6 ssh://THM_MACHINE
After a while, finally our hydra can find it password. Let login via ssh.
Just like that, we in as lin. Now let find our objective. We can find flag here.
Let escalate to root. I check first with sudo permission.
Seem that this user have permission to run on that directory. Let escalate it.
Now we get. It not really difficult. It really got started.
Thank for reading.