Bounty Hacker
First thing we are going to do on this lab is to launch our VM and immediately scan for any open oprts
Looks like FTP, ssh, and http are all open. So Im going to navigate to the IP in the browser
Nothing appears to stick out on the site or in the page source
Decided to FTP into the box and anonymous logins worked
To answer the next THM question, Lin was who wrote task list.txt
The service we can bruteforce with the list found is SSH. We verified that port was open when scanning.
To Brute Force this, we are going to use the HYDRA tool
Password for lin to ssh is RedDr4gonSynd1cat3
Now that we have the username and password, lets SSH into the machine
Last thing we will want to do is locate the root.txt file. Assuming we will need escalate privileges.
Running the sudo -l command, we can see /bin/tar command that can be run
From here we are going to check for anything in GTFO bins
For sudo, I am going to run
sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
Our Root.txt flag is THM{80UN7Y_h4cK3r}!