Writeups

Write ups and Walkthroughs about vulnerable machines


Brute It



Enumeration

Started enumerating the machine using nmap. Found 2 open ports with ssh and http services running.

Nmap Result

Started directory enumeration using gobuster, found admin panel.

gobuster result

The admin page is a login form for admin login.

admin login page


Bruteforcing

Starting bruteforce attack on admin login page with hydra.

admin page bruteforce

Logging in as admin gave us John’s RSA private key and web flag.

web flag

Here is the RSA private key.

RSA Private key

Getting hash from rsa key.

ssh2john

Cracking hash we got from rsa_id using john.

John RSA_id cracking

We got the passphrase for ssh login. Passphrase is “rockinroll”.


Login from SSH

Tried logging in with rsa id but failed.

Failed login

Note: Rsa_id permission needs to be set as read only.

Changing permission gave us ssh shell.

ssh login
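Why the first login attempt failed, as an added example that is not part of the original writeup: the OpenSSH client refuses a private key owned by the current user when any group or other permission bit is set. The function names and the empty temp file standing in for the key are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: mirrors the OpenSSH client's private-key permission test.
# A key owned by the current user is rejected ("UNPROTECTED PRIVATE KEY FILE")
# when (mode & 077) != 0, i.e. when group or others have any access.
# Simplification: the ownership part of the check is not modelled here.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the permissions would be accepted, 1 if too open, 2 on error.
key_perm_ok() {
    mode=$(key_mode "$1") || return 2
    # The leading 0 makes the shell read the value as octal.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Human-readable report; always returns 0 so it is safe under `set -e`.
report_key() {
    if key_perm_ok "$1"; then
        echo "OK     $(key_mode "$1") $1"
    else
        echo "REJECT $(key_mode "$1") $1 (fix: chmod 400 or chmod 600)"
    fi
}

# Constructed demo: an empty temp file stands in for the downloaded key.
demo_key=$(mktemp)
chmod 644 "$demo_key"; report_key "$demo_key"   # typical mode after saving a file
chmod 400 "$demo_key"; report_key "$demo_key"   # read-only for the owner
chmod 600 "$demo_key"; report_key "$demo_key"   # owner read/write also passes
rm -f "$demo_key"
```

Both 400 and 600 pass the check, so "read only" is sufficient but not strictly required; what matters is that group and other bits are all clear.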

Got user flag.

User flag

Got the root flag by exploiting sudo privileges for cat command.

gtfobins cat

Root flag

Although I got the root flag, the room demands that we brute force the root password. So I got the contents of /etc/shadow and /etc/passwd to my machine, unshadowed them and tried cracking the root password. Surprisingly, I got the root password.

root password cracking

