TryHackMe — Brooklyn Nine Nine

exploit_daily

·

Follow

4 min read

·

Aug 30, 2022

--

Listen

Share

This room is aimed for beginner level hackers but anyone can try to hack this box. This one is based on the Brooklyn Nine-Nine TV series.

TASK 1 : Deploy and get hacking

This room does not have any complex tasks — there are just two tasks : Get the user and root flag.

Initially, we will try with the reconnaissance, so let’s start with the Nmap scan.

nmap -sC -sV <IP>

By looking at the above screenshot, we can see that we have found 3 ports open i.e. 21(FTP), 22(SSH) and 80(HTTP).

As port 80 is open, copy-paste the IP in the browser and check -

Check the source page of this.

I will download the jpg file now -

By using the file command, we can see that it’s just a jpeg image.

Didn’t get anything interesting here..

We have also seen that Anonymous FTP login is allowed which means it allows anyone who can use FTP to log on to the server, using a general username and without a password check.. So, let’s go for it -

ftp <IP>

ls -a — to list the files in the directory.

get note_to_jake.txt — to download the file

Let’s check what’s in that txt file.

cat <filename>

From the above file we can conclude that Jake’s password is weak and so we can use bruteforce to know his password. Also, we have got 3 usernames from it i.e. Amy, Jake and Holt.

We will now use hydra for bruteforce Jake’s password for ssh.

hydra -l Jake -P <Path_of_the_wordlist> <IP> -t 4 ssh

We have got Jake’s password — ********* (That’s really weak!!)

Now, we will use this password and login to Jake’s account using ssh.

ssh jake@<IP>

Noice!! We were able to login to his account and have also found 3 directories. We will check each one by one.

Amy’s dir :

Holt’s dir :

Jake’s dir :

We have got a txt file in Holt’s dir. Let’s check what’s can we get from that file.

cat holt/user.txt

Yayyyyyy!! We got the user flag..

Now, we will have to look for the root flag.

Using sudo -l command, to check which commands Jake can use as root priviledges.

Great!! Now, execute the below command

less root/root.txt

Finally, got the root flag too!!! :)

Give a clap if you find this useful! Let’s connect on LinkedIn to discuss more -

https://www.linkedin.com/in/pooja-plavilla/

Follow exploit_daily for more!!