This room is aimed at beginner-level hackers, but anyone can try to hack this box. There are two main intended ways to root the box.
This is an “easy”-level box on TryHackMe. It appears it would like us to locate a user flag as well as a root flag.
The first thing we’re going to do is enumerate the machine using nmap.
Looks like we have ports 21, 22, and 80 open.
Let’s navigate to the webpage. There is not much showing on the webpage apart from an image.
The next step I’m going to take is to attempt to FTP into the machine anonymously.
Looks like we have a note on the FTP server called note_to_jake.txt.
I used a GET on the file and cat’d it out. It looks like Jake has a weak password.
I’m assuming this is basically a hint.
From here I am going to attack SSH using hydra, and sure enough!
Going to attempt to log in to SSH with these credentials.
Running ls -la, we find an interesting file (.sudo_as_admin_successful).
Did some digging on the device and was able to locate the flag!
The next step is to locate the root password.
Running sudo -l, we see that we can run /usr/bin/less as root.
From here we are going to check out GTFOBins and see what we can find.
With the less command we can run this for sudo
Run the command, navigate around and boom!
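
Seen from the defender's side, the sudo rule found above is the kind of entry a host audit should catch. The following is an added example, not part of the original write-up: it parses sudo -l output and flags rules that grant a program with a built-in shell escape. The sample output, the hostname and the short program list are constructed assumptions.

```python
import re

# Programs with a built-in way to spawn a shell (pagers, editors, man).
# Short illustrative set chosen for this example, not a complete list.
SHELL_ESCAPE = {"less", "more", "man", "vi", "vim", "ed"}

RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<cmds>.+)$")  # "(ALL) NOPASSWD: /usr/bin/less"
TAG = re.compile(r"^([A-Z_]+):\s*")                              # NOPASSWD:, NOEXEC:, EXEC:, ...

# Constructed sample of `sudo -l` output; hostname "host" is a placeholder.
SAMPLE = """\
Matching Defaults entries for jake on host:
    env_reset, mail_badpass

User jake may run the following commands on host:
    (ALL) NOPASSWD: /usr/bin/less
    (root) NOEXEC: /usr/bin/vim, /usr/bin/systemctl status nginx
"""

def audit_sudo_l(output):
    """Return (command, run_as, risk) for each risky rule in `sudo -l` output."""
    findings = []
    for line in output.splitlines():
        rule = RULE.match(line)
        if not rule:
            continue  # header and Defaults lines
        noexec = False
        for cmd in (c.strip() for c in rule.group("cmds").split(",")):
            # Tags prefix a command and stay in effect for the rest of the rule.
            while (tag := TAG.match(cmd)):
                if tag.group(1) in ("NOEXEC", "EXEC"):
                    noexec = tag.group(1) == "NOEXEC"
                cmd = cmd[tag.end():]
            if not cmd:
                continue
            if cmd == "ALL":
                findings.append((cmd, rule.group("runas"), "unrestricted"))
            elif cmd.split()[0].rsplit("/", 1)[-1] in SHELL_ESCAPE:
                # NOEXEC stops the program from executing a shell, but it can
                # still open files with the target user's privileges.
                risk = "file access only (NOEXEC)" if noexec else "shell escape"
                findings.append((cmd, rule.group("runas"), risk))
    return findings

if __name__ == "__main__":
    for finding in audit_sudo_l(SAMPLE):
        print(finding)
```

Rules that need a pager or editor as root are better replaced with a narrower command, such as sudoedit for a specific file.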