TryHackMe: Basic Pentesting
room: https://tryhackme.com/room/basicpentestingjt
This room guides you through basic web app hacking and privilege escalation.
Task 1:
Question 1- Deploy the machine and connect to our network
No answer needed
Question 2- Find the services exposed by the machine
nmap -Pn -sC -sV -oN nmap (machine-ip)
No answer needed
Question 3- What is the name of the hidden directory on the web server (enter name without /)?
gobuster dir -u (machine-ip) -w (dir-to-directory-list-2.3-medium.txt)
development
Question 4- User brute-forcing to find the username & password
No answer needed
Question 5- What is the username?
sudo ./enum4linux.pl -a 10.10.90.27 | tee enum.log
Running enum4linux against the machine IP shows that there are two users, 'kay' and 'jan'.
*Enter either one as the answer.*
jan
Question 6- What is the password?
We can try brute-forcing SSH to get the password, since there is an SSH service running on the server. We know this because of the nmap scan at question 1. For this we will use hydra.
hydra -l jan -P (dir-to-rockyou.txt) ssh://(machine-ip) -t 4
armando
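A defender's view of the hydra run above, as an added example that is not part of the original walkthrough: a small detector that reads sshd auth-log lines and flags a source that produces a burst of failed passwords for one user, noting whether a successful login followed. The log lines and 192.0.2.x addresses are constructed, and the threshold, window and year values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd auth.log lines (not captured from the room's machine).
SAMPLE_LOG = """\
Mar 13 10:15:01 basic sshd[2101]: Failed password for jan from 192.0.2.10 port 40112 ssh2
Mar 13 10:15:01 basic sshd[2102]: Failed password for jan from 192.0.2.10 port 40114 ssh2
Mar 13 10:15:03 basic sshd[2103]: Failed password for jan from 192.0.2.10 port 40116 ssh2
Mar 13 10:15:03 basic sshd[2104]: Failed password for jan from 192.0.2.10 port 40118 ssh2
Mar 13 10:15:06 basic sshd[2105]: Failed password for jan from 192.0.2.10 port 40120 ssh2
Mar 13 10:15:08 basic sshd[2106]: Failed password for jan from 192.0.2.10 port 40122 ssh2
Mar 13 10:15:11 basic sshd[2107]: Accepted password for jan from 192.0.2.10 port 40130 ssh2
Mar 13 10:20:40 basic sshd[2150]: Failed password for kay from 192.0.2.20 port 51000 ssh2
Mar 13 10:20:52 basic sshd[2151]: Accepted password for kay from 192.0.2.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Flag (source, user) pairs with >= threshold failures inside `window`,
    and mark them compromised if a login from that source later succeeds."""
    failures = defaultdict(deque)  # (src, user) -> recent failure timestamps
    flagged = {}                   # (src, user) -> alert record
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        key = (src, user)
        if outcome == "Failed":
            q = failures[key]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged[key] = {"src": src, "user": user, "compromised": False}
        elif key in flagged:           # success right after a guessing burst
            flagged[key]["compromised"] = True
    return list(flagged.values())
```

A single mistyped password followed by a login, like the constructed 'kay' lines, stays below the threshold and is not flagged.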
Question 7- What service do you use to access the server (answer in abbreviation in all caps)?
We know that the answer is SSH because of the nmap scan.
SSH
Question 8- Enumerate the machine to find any vectors for privilege escalation
No answer needed
Question 9- What is the name of the other user you found (all lower case)?
We know the answer is kay from question 5.
kay
Question 10- If you have found another user, what can you do with this information?
No answer needed
Question 11- What is the final password you obtain?
heresareallystrongpasswordthatfollowsthepasswordpolicy$$