Created By SMN666
First, connect to TryHackMe Network via openvpn and deploy this machine.
Then, scanned with king of scanner — nmap.
We can see ftp & ssh port open.
So, tried to connect ftp anonymous login.
We found 2 texts. One text is password brute-force list. And the other text is user account name for ssh login.
We finally found 2 answer from above task.
And then we can brute-force ssh login with lock.txt file.
#hydra -l lin -P {word-list directory} ip -t 4 ssh.
Finally got ssh login credentials.
And then We got user flag. But we still don’t have root access. So try to sudo
bypass for root privileges. Type this command line:
#sudo -l {found the sudo bypass for tar}
#sudo tar-cf /dev/null /dev/null — checkpoint=1 — checkpoint-action=exec=/bin/sh
We successfully bypass the root access. And got the root’s flag.
Thanks for reading :D