TryHackMe: Brooklyn Nine Nine Walkthrough

5um1t0x
Apr 16, 2024

This room will introduce you to some fundamental concepts of ethical hacking, including:

  • Enumeration: Discovering information about the target system, like its operating system and running services.
  • Exploiting vulnerabilities: Finding weaknesses in the system’s defenses.
  • Gaining initial access: Taking control of the system with a limited user account.
  • Privilege escalation: Increasing your permissions to the highest level (root).

  • We ran a full scan to discover active services and determine the target’s OS. The system allows anonymous FTP login and contains a file named note_to_jake.txt.
  • The initial Gobuster scan did not reveal any hidden or sensitive directories.
  • Based on the web server port identified in the Nmap scan, we connect to the web server to explore further.
  • While reviewing the source code of the target web application, we found a comment: ‘Have you heard of steganography?’
  • Download the ‘brooklyn99.jpg’ file from the server.
  • Using Stegseek, we attempt to recover the password for any steganographic payload embedded in the ‘brooklyn99.jpg’ file. We’ve located ‘note.txt’ and suspect it may contain steganographically concealed data. Steghide is used to extract this embedded information, and the extracted data is then viewed with the ‘cat’ command.
  • Using Hydra, we were able to crack the password for Jake’s SSH login.
  • After successfully gaining SSH access, we located the user flag. To escalate privileges and obtain the root flag, we ran sudo -l to identify commands executable with sudo permissions. Ultimately, we achieved root access and retrieved the root flag.
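The Hydra step works because nothing on the target limits or alerts on repeated SSH password failures. As an added example (not part of the original walkthrough), the sketch below flags that pattern in sshd auth logs and marks the case where a successful login follows the burst. The hostname, IP addresses, the user `alice`, the log lines and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (not taken from the room).
SAMPLE_LOG = """\
Apr 16 10:00:01 brooklyn sshd[901]: Failed password for jake from 10.10.14.5 port 40100 ssh2
Apr 16 10:00:02 brooklyn sshd[902]: Failed password for jake from 10.10.14.5 port 40102 ssh2
Apr 16 10:00:03 brooklyn sshd[903]: Failed password for jake from 10.10.14.5 port 40104 ssh2
Apr 16 10:00:04 brooklyn sshd[904]: Failed password for jake from 10.10.14.5 port 40106 ssh2
Apr 16 10:00:05 brooklyn sshd[905]: Failed password for jake from 10.10.14.5 port 40108 ssh2
Apr 16 10:00:06 brooklyn sshd[906]: Failed password for jake from 10.10.14.5 port 40110 ssh2
Apr 16 10:00:07 brooklyn sshd[907]: Accepted password for jake from 10.10.14.5 port 40112 ssh2
Apr 16 10:05:00 brooklyn sshd[950]: Failed password for alice from 192.168.1.20 port 51000 ssh2
Apr 16 10:05:09 brooklyn sshd[951]: Accepted password for alice from 192.168.1.20 port 51002 ssh2
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_guessing(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Alert on (source, user) pairs with >= threshold failures inside window.

    Syslog timestamps carry no year, so one is assumed. Each alert also records
    whether a successful password login followed from the same source.
    """
    failures = defaultdict(list)
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, user, src = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        key = (src, user)
        if outcome == "Failed":
            # Keep only failures still inside the sliding window, then add this one.
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
            if len(failures[key]) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(failures[key]))
        elif key in alerts:
            # A login right after a guessing burst means the password was found.
            alerts[key]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for (src, user), info in find_guessing(SAMPLE_LOG).items():
        print(f"{src} -> {user}: {info}")
```

A single mistyped password followed by a login, as in the `alice` lines, stays below the threshold and raises no alert.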
