This room is aimed for beginner level hackers but anyone can try to hack this box. There are two main intended ways to root the box.
The challenging room in the beginners path the in Brooklyn Nine Nine in Tryhackme
Let’s start with the Nmap scan
nmap -sV -sC -A -T5 10.10.48.236
We can see that there are three open ports: 21 (FTP), 22 (SSH), and 80 (HTTP).
Lets start with FTP using ANONYMOUS
that there is a file called note_to_jake.txt on the FTP server. This is definitely one of the things that intrigue us.
get note_to_jake.txt
Also let’s start the GoBuster to see if there are any hidden directories, and PHP or HTML files:
This, unfortunately, does not bring us anything interesting
So what we can do here? try to check, is to visit the website (we should’ve done this from the beginning, right?).
There is only an image on the page. We had not found any hidden directories, so from our perspective, it is the only thing we have BUT. What if we checked the source code?
Aha! There is a comment: <!– Have you ever heard of steganography? –>
to next step to check what inside in note_to_jake.txt
cat note_to_jake.txt
Hmm, that’s interesting. Now we know that Jake has a weak password
so we assumed that jake is username so next step to brute force using “Hydra”
hydra -l jake -P /usr/share/wordlists/rockyou.txt ssh://10.10.48.236 -t4
we got the jake PASSWORD!!!
Try to check what is inside in directory ls but we didn’t get anything so we will use
ls -al
there’s nothing in Jake’s & Amy home directory, Holt’s home directory, we see that there is a file called user.txt,
We got the User Flag!!!
To get root flag we need to check what permissions or privileges do we have
This one is a little bit tryckier. First type in the command.
sudo -l
And we can see that Jake can run less command:
less /root/root.txt
Finally we got our ROOT flag !!!
Now we have all our Answers let’s submit it and we have successfully completed our CTF !!
Keep Trying, Keep Working 🙂
Thank you for Reading!!
Happy Hacking
Follow me more to get more tips and tricks! 🙏
Author: Xploit Ayush
Tryhackme , ctf , root , nmap , elevation , root.txt , cat.txt , machine , writeup , solution , walkthrough , flag , xploit ayush , bug hunter , Brooklyn nine nine ,
