TryHackMe-BountyHackerCTF

NMAP

PORT 80

Dirbuster

Since we have access to ftp through “anonymous” login we can also upload a php reverse shell but it won’t do any good it we will be same as logging into a ftp server.

PORT 21

We can grab the task.txt through “get” command.

We also found a list of passwords so that we can use it in brute forcing.

PORT 22

By looking at the text file we can check if “lin” is a user on that box so we can bruteforce our way in through ssh by using hyrda.

$IP is nothing but a variable for bash environment , export IP=10.10.187.202.

We found the password for “lin”.

Privilege Escalation

We can root the box through “/bin/tar” we can find exploit to it by visiting GTFOBINS.

We are now root and we can read that root.txt flag in order to complete the CTF.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store