Learn how to brute force, crack hashes and escalate privileges in this box!
Brute It : TryHackMe
Brute It is a challenging room in the beginners path on TryHackMe that involves brute force, hash cracking, and privilege escalation. This box was pretty straightforward and didn’t have any rabbit holes.
I think this could be helpful for CEH preparation; it is not too complex.
Connect to the TryHackMe network, and deploy the machine.
How many ports are open?
nmap -sV -sC -A -T4 10.10.173.221
Answer- 2 Ports (22 & 80)
What version of SSH is running?
OpenSSH 7.6p1
What version of Apache is running?
2.4.29
Which Linux distribution is running?
Ubuntu
What is the hidden directory?
gobuster dir -u http://10.10.173.221 -w /usr/share/wordlists/dirb/common.txt
/admin
We didn't see anything interesting here; there is just a login page. Let's check the source code.
Here the username is “admin”.
I tried to log in with a random password to get the error message shown when the login fails.
We can brute force the HTTP POST form using Hydra, since it looks like a login form.
We got the login ID and password! Let's log in.
With the brute-forced password we can now log into the admin page and grab the first flag.
It looks like an RSA private key. We can crack the passphrase of the RSA private key using the John the Ripper tool.
ssh2john.py rsa_key > key.txt
john key.txt --wordlist=<wordlist>
Save the key as rsa_key and convert it to a format john can read (key.txt).
Then crack the passphrase.
And I got the password for the RSA private key.
Now try to log in as john over SSH. As soon as we open the SSH session, we can see the user.txt flag.
BOOM! We Got the SHELL !
To get the root flag we need to check what permissions or privileges we have.
This one is a little bit trickier. First type in the command
sudo -l
We can use cat to find out the hashes of users’ passwords.
Using John the Ripper, crack the hash for the root user. Store the hash in a file and crack it.
john --wordlist=/usr/share/wordlists/rockyou.txt root_hash.txt
And now we have the password for the root user. Let’s escalate our privileges to superuser.
su root
Password:
/home/john#root.txt
Finally we got our ROOT flag!!!
Now we have all our answers. Let’s submit them, and we have successfully completed our CTF!!
Keep Trying, Keep Working :)
Thank you for Reading!!
Happy Hacking