Bounty hacker Writeup
So here we go, my first writeup :
First start with Nmap(network mapper):
nmap -A -T4 10.10.46.21 (you will have different IP)
and the results are:
From nmap results, I see there are 3 ports open
- ftp:21
- ssh:22
- HTTP:80
and ftp anonymous login is allowed .
Lets, ftp to the box:
I saw 2 files there :
- locks.txt
- task.txt
I used the get command to download both the files .
After opening task.txt , I saw some text from some user Lin
So, the answer to Question 1: Who wrote the task list ?
Ans) Lin
and in locks.txt there is a wordlist .
Q2:What service can you bruteforce with the text file found?
Ans) As there is ssh port open(port 22) , the answer to this question is SSH.
So, lets try bruteforcing password using the wordlist we found .
I m using hydra to bruteforce password .
Command: hydra -l lin -P /home/kali/locks.txt 10.10.46.21 -t 4 ssh
Q3:What is the users password?
Ans)RedDr4gonSynd1cat3
Now we know the user and password .
Lets, ssh to the machine:
Command : ssh lin@10.10.46.21
and type the password when asked .
Q4:user.txt ?
Ans) THM{CR!M3_SyNd1C4T3}
Now, all we have to do is to get the root flag and for that we have to do privilege escalation .
Type : sudo -l
This is to know the root permissions.
We found /bin/tar .
After googling this, I found :
The link:https://gtfobins.github.io/gtfobins/tar/
After running this one liner I got root.
So, now we have rooted this machine and answered all the questions .
Thanks for watching my blog . Have a nice day.