TryHackMe Bounty Hacker Write-up

Created By SMN666

First, connect to TryHackMe Network via openvpn and deploy this machine.

Then, scanned with king of scanner — nmap.

We can see ftp & ssh port open.

So, tried to connect ftp anonymous login.

We found 2 texts. One text is password brute-force list. And the other text is user account name for ssh login.

We finally found 2 answer from above task.

And then we can brute-force ssh login with lock.txt file.

#hydra -l lin -P {word-list directory} ip -t 4 ssh.

Finally got ssh login credentials.

And then We got user flag. But we still don’t have root access. So try to sudo

bypass for root privileges. Type this command line:

#sudo -l {found the sudo bypass for tar}

#sudo tar-cf /dev/null /dev/null — checkpoint=1 — checkpoint-action=exec=/bin/sh

We successfully bypass the root access. And got the root’s flag.

Thanks for reading :D

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store