Brooklyn Nine Nine(tryhackme) Walkthrough
The Link to this box :https://tryhackme.com/room/brooklynninenine
Let’s start enumerating the machine with nmap first.
3 Ports open:
- ftp (with anonymous login allowed)
- ssh
- http
As, anonymous login is allowed .Let’s ftp to the machine.
Command: ftp IP
we see a note_to_jake.txt file and let’s download this file in our machine to see what’s inside.
Command:get note_to_jake.txt
When we cat out the file, we see a username (jake).
Now , we know that ssh port is open, we know the username .Let’s bruteforce the ssh port using hydra.
Command: hydra -l jake -P /full path to wordlist/ IP -t 4 ssh
Now , we know the username and password . Let’s login through ssh using the username and password we found.
Before reading user flag .Let’s check the sudo permissions as after that we can read root flag as well
Command: sudo -l
After sudo -l , we see that we can run /usr/bin/less as sudo . The first thing to do is to google this ( /usr/bin/less privilege escalation) .I found sudo command for this on GTFObins.
Now , we have to cat root flag and as usual it was in root directory.
Now , we have rooted this machine and found all the flags.Thanks for reading my walkthrough and have a nice day.
