Brooklyn Nine Nine(tryhackme) Walkthrough

2 min readJan 21, 2021

The Link to this box :

Let’s start enumerating the machine with nmap first.

3 Ports open:

  1. ftp (with anonymous login allowed)
  2. ssh
  3. http

As, anonymous login is allowed .Let’s ftp to the machine.

Command: ftp IP

we see a note_to_jake.txt file and let’s download this file in our machine to see what’s inside.

Command:get note_to_jake.txt

When we cat out the file, we see a username (jake).

Now , we know that ssh port is open, we know the username .Let’s bruteforce the ssh port using hydra.

Command: hydra -l jake -P /full path to wordlist/ IP -t 4 ssh

Now , we know the username and password . Let’s login through ssh using the username and password we found.

Before reading user flag .Let’s check the sudo permissions as after that we can read root flag as well

Command: sudo -l

After sudo -l , we see that we can run /usr/bin/less as sudo . The first thing to do is to google this ( /usr/bin/less privilege escalation) .I found sudo command for this on GTFObins.

Now , we have to cat root flag and as usual it was in root directory.

Now , we have rooted this machine and found all the flags.Thanks for reading my walkthrough and have a nice day.