Brooklyn Nine Nine

This room is aimed for beginner level hackers but anyone can try to hack this box. There are two main intended ways to root the box.

This is an “easy” level box in Tryhackme. It appears it would like us to locate a user flag as well as a root flag

First thing we’re going to do is enumerate the machine using nmap

Looks like we have ports 21, 22, and port 80 open.

lets navigate to the webpage. Not much showing on the webpage outside of an image

Next step Im going to go with is to attempt to ftp into the machine anonymously

Looks like we have a note in the ftp server called note_to_jake.txt

Used a GET on the file and cat’d it out. It looks like Jake has a weak password.

This is basically a hint that Im assuming.

From here I am going to attack ssh using hydra and sure enough!

Going to attempt to login to ssh with these credentials

running ls -la we find an interesting file (.sudo_as_admin_successful)

Did some digging on the device and was able to locate the flag!

Next step is to locate the Root password

running sudo -l we see that we can run /usr/bin/less as root

From here we are going to check out GTFO bins and see what we can find

with the less command we can run this for sudo

run the command, navigate around and boom!