TryHackMe Room: EasyCTF walkthrough

TryHackMe platform

A write-up covering the steps taken to solve the beginner-level CTF room EasyCTF on the TryHackMe platform.

This blog is written as part of a task for the Masters Certification in Red Team Program from HackerU.

Step 1 : Connect to TryHackMe and start target machine

1. Connect to TryHackMe by entering the command:

sudo openvpn /pathtoOVPNfile.ovpn

2. Start the machine in the ‘easyctf’ room; the target IP address will be displayed in a minute.

Step 2 : Information gathering using Nmap and dirbuster

1. Start an nmap scan of the target IP:

nmap -A -O <target ip>

nmap result

open ports

  • 21 — ftp vsftpd 3.0.3
  • 80 — http apache 2.4.18
  • 2222 — ssh

2. Accessing open ports

port 80:

Running dirbuster to find the folder structure: found /simple

Navigating to /simple: found CMS version 2.2.8, which is vulnerable to CVE-2019-9053 (SQL injection)

port 21: Anonymous login was successful, and a user file was found under it.

Anonymous login

3. Trying an SSH brute force using hydra for the username found through the FTP login:

hydra -l <usrname> -P /usr/share/wordlists/rockyou.txt 10.10.54.243 -t 4 ssh -s 2222

ssh brute force

Log in through SSH using the password found above

4. Exploring the current location: found user.txt

user.txt

Exploring further: found that vim can be run with root permissions via sudo without a password

sudo -l

5. Checking the GTFOBins site for sudo and vim

6. Trying privilege escalation:

sudo vim -c ':!/bin/sh'

root access

7. Searching for root.txt file

root.txt

With this, all the questions given in the room can be answered.
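A defender-side check for the misconfiguration used in steps 4 to 6 (vim runnable through sudo without a password), as an added example that is not part of the original write-up. It parses `sudo -l` output and flags rules that grant programs with known shell escapes; the function names, the ESCAPE_BINS list and the sample output are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: flag sudo rules that grant shell-escape-capable programs.
# Usage on a host you administer:  sudo -l | audit_sudo_l

# Short, non-exhaustive list of programs with documented shell escapes
# (chosen for this example; extend it from GTFOBins for real audits).
ESCAPE_BINS="vim vi view less more man nano ed find awk perl python3 ruby env"

# Reads `sudo -l` output on stdin; prints "<severity> <tag> <command>".
audit_sudo_l() {
    awk -v bins="$ESCAPE_BINS" '
    BEGIN { n = split(bins, b, " "); for (i = 1; i <= n; i++) risky[b[i]] = 1 }
    # Rule lines start with the run-as spec, e.g. "(root) NOPASSWD: /usr/bin/vim"
    /^[ \t]*\(/ {
        line = $0
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", line)
        nopass = 0
        m = split(line, cmds, /,[ \t]*/)
        for (i = 1; i <= m; i++) {
            c = cmds[i]
            # Tags (NOPASSWD:, PASSWD:, SETENV: ...) stay in force for the
            # commands that follow them on the same rule line.
            while (match(c, /^[A-Z_]+:[ \t]*/)) {
                tag = substr(c, 1, RLENGTH)
                if (tag ~ /^NOPASSWD/) nopass = 1
                else if (tag ~ /^PASSWD/) nopass = 0
                c = substr(c, RLENGTH + 1)
            }
            if (split(c, w, " ") == 0) continue
            k = split(w[1], parts, "/")
            if (w[1] == "ALL" || (parts[k] in risky)) {
                sev = nopass ? "HIGH NOPASSWD" : "MEDIUM PASSWD"
                print sev, c
            }
        }
    }'
}

# Constructed sample of `sudo -l` output (user and host names are made up).
sample_sudo_l() {
    cat <<'EOF'
Matching Defaults entries for alice on host1:
    env_reset, mail_badpass

User alice may run the following commands on host1:
    (root) NOPASSWD: /usr/bin/vim
    (ALL : ALL) /usr/bin/less /var/log/syslog, NOPASSWD: /sbin/reboot, /usr/bin/find
EOF
}

sample_sudo_l | audit_sudo_l
```

A HIGH line means the listed program can be started as another user with no password prompt; removing the rule or replacing it with a purpose-built wrapper (for editing, `sudoedit`) closes the path shown in step 6.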

HinaK


Software Tester
