TryHackMe — Brooklyn Nine Nine
This room is aimed for beginner level hackers but anyone can try to hack this box. This one is based on the Brooklyn Nine-Nine TV series.
TASK 1 : Deploy and get hacking
This room does not have any complex tasks — there are just two tasks : Get the user and root flag.
Initially, we will try with the reconnaissance, so let’s start with the Nmap scan.
nmap -sC -sV <IP>
By looking at the above screenshot, we can see that we have found 3 ports open i.e. 21(FTP), 22(SSH) and 80(HTTP).
As port 80 is open, copy-paste the IP in the browser and check -
Check the source page of this.
I will download the jpg file now -
By using the file command, we can see that it’s just a jpeg image.
Didn’t get anything interesting here..
We have also seen that Anonymous FTP login is allowed which means it allows anyone who can use FTP to log on to the server, using a general username and without a password check.. So, let’s go for it -
ftp <IP>
ls -a — to list the files in the directory.
get note_to_jake.txt — to download the file
Let’s check what’s in that txt file.
cat <filename>
From the above file we can conclude that Jake’s password is weak and so we can use bruteforce to know his password. Also, we have got 3 usernames from it i.e. Amy, Jake and Holt.
We will now use hydra for bruteforce Jake’s password for ssh.
hydra -l Jake -P <Path_of_the_wordlist> <IP> -t 4 ssh
We have got Jake’s password — ********* (That’s really weak!!)
Now, we will use this password and login to Jake’s account using ssh.
ssh jake@<IP>
Noice!! We were able to login to his account and have also found 3 directories. We will check each one by one.
Amy’s dir :
Holt’s dir :
Jake’s dir :
We have got a txt file in Holt’s dir. Let’s check what’s can we get from that file.
cat holt/user.txt
Yayyyyyy!! We got the user flag..
Now, we will have to look for the root flag.
Using sudo -l command, to check which commands Jake can use as root priviledges.
Great!! Now, execute the below command
less root/root.txt
Finally, got the root flag too!!! :)
Give a clap if you find this useful! Let’s connect on LinkedIn to discuss more -
https://www.linkedin.com/in/pooja-plavilla/
Follow exploit_daily for more!!