TryHackMe — Basic Pentesting


In this set of tasks you’ll learn the following:
1. brute forcing
2. hash cracking
3. service enumeration
4. Linux enumeration

Machine Information:

1. Find the services exposed by the machine

NMAP Scan:

sudo nmap -A -T4 10.10.101.207 -oN nmap_basicpentest


2. What is the name of the hidden directory on the web server (enter name without /)?

gobuster dir -u 10.10.101.207 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -t 40 -o gobuster_basic 2>/dev/null


Information gathering on the /development directory.


Enumerating SMB Shares and Users:

enum4linux -a 10.10.101.207


3. User brute-forcing to find the username & password

Hint:

For J:

“I’ve been auditing the contents of /etc/shadow to make sure we don’t have any weak credentials,
and I was able to crack your hash really easily. You know our password policy, so please follow
it? Change that password ASAP.

-K”

Brute forcing SSH:

hydra -l jan -P /usr/share/wordlists/rockyou.txt ssh://10.10.101.207


4. Enumerate the machine to find any vectors for privilege escalation


5. Enumerate the machine to find any vectors for privilege escalation

Transfer linpeas.sh to the target via SCP, since port 22 (SSH) is open.


Run linpeas.sh on the target machine to check for possible escalation vectors.


Result:


Navigate to /home/kay/.ssh/ and copy id_rsa to the attacker machine for brute-forcing.


Try to log in as kay using id_rsa.


Brute-force the id_rsa passphrase with ssh2john and John the Ripper.


Log in as kay using the cracked passphrase.

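The escalation path above works because kay’s private key sat where another local user could read it and its passphrase was weak enough to crack. The audit below is an added example, not code from the original write-up or the room: it walks a home-directory root (assumed to be /home on a real host), parses OpenSSH-format private keys, and flags keys that are group/other-readable or stored with cipher "none" (no passphrase). The file layout it builds in demo() is constructed to mirror the room; legacy PEM keys are reported as "unknown".

```python
# Audit home directories for private SSH keys that other users can read or that
# carry no passphrase (added example, not part of the original write-up).
import base64, os, stat, struct, tempfile

MAGIC = b"openssh-key-v1\x00"
ARMOR = (b"-----BEGIN OPENSSH PRIVATE KEY-----", b"-----END OPENSSH PRIVATE KEY-----")

def openssh_cipher(pem: bytes) -> str:
    """Cipher name recorded in an OpenSSH-format key; "none" means no passphrase."""
    lines = [line.strip() for line in pem.splitlines() if line.strip()]
    blob = base64.b64decode(b"".join(lines[1:-1])) if lines[:1] == [ARMOR[0]] else b""
    if not blob.startswith(MAGIC):  # legacy PEM keys are out of scope here
        return "unknown"
    start = len(MAGIC) + 4  # magic, then a length-prefixed cipher-name string
    (n,) = struct.unpack(">I", blob[len(MAGIC):start])
    return blob[start:start + n].decode("ascii", "replace")

def audit_ssh_keys(root: str) -> list:
    """Return (path, finding) pairs for risky private keys under root/*/.ssh."""
    findings = []
    for user in sorted(os.listdir(root)):
        ssh_dir = os.path.join(root, user, ".ssh")
        for name in sorted(os.listdir(ssh_dir)) if os.path.isdir(ssh_dir) else []:
            path = os.path.join(ssh_dir, name)
            data = open(path, "rb").read() if os.path.isfile(path) else b""
            if b"PRIVATE KEY-----" not in data:
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:  # group/other bits set: another local user can read it
                findings.append((path, f"readable by others (mode {mode:04o})"))
            if openssh_cipher(data) == "none":
                findings.append((path, "no passphrase (cipher none)"))
    return findings

def fake_key(cipher: bytes) -> bytes:
    """Constructed OpenSSH-format header (not a real key) naming the given cipher."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    return b"\n".join((ARMOR[0], base64.b64encode(blob), ARMOR[1])) + b"\n"

def demo() -> list:
    """Constructed layout mirroring the room: kay's passphrase-protected key is 0644."""
    root = tempfile.mkdtemp()
    for user, cipher, mode in (("kay", b"aes256-ctr", 0o644), ("jan", b"none", 0o600)):
        os.makedirs(os.path.join(root, user, ".ssh"))
        path = os.path.join(root, user, ".ssh", "id_rsa")
        open(path, "wb").write(fake_key(cipher))
        os.chmod(path, mode)
    return [finding for _, finding in audit_ssh_keys(root)]
```

On a real host, `audit_ssh_keys("/home")` run as root lists every key that a fix of `chmod 600` or a re-key with a passphrase would close off.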

5. What is the final password you obtain?


Written by

Experienced Network Security Engineer with a demonstrated history of working in the field of IT security industry.