Brooklyn Nine Nine — TryHackMe — WriteUp
Hello. I’m Rahmos. Here is my Brooklyn Nine Nine — TryHackMe — WriteUp. Check it out!
First, deploy the machine and use nmap to scan for open ports.
nmap -A -T4 -v <ip>
As ftp is opened and can login as anonymous, let’s login to ftp and cat content of find note_to_jake.txt
ftp -A <ip>
Then get content of this .txt file using get:
get note_to_jake.txt -
Now i know the username for ssh: jake and his password is weak! And also 3 possible users: Amy, Jake, holt.
Now access to its website
Just an image, but let’s Crtl + U to view page source.
Now let’s use steghide to extract hidden data inside this image!
Download the image and use stegcracker to crack the password and extract hidden data. If you don’t have stegcracker, you can install it using this cmd:
pip3 install stegcracker
Now run:
stegcracker brooklyn99.jpg
Now you have hotl password! Let’s ssh to the machine.
ssh holt@<ip>
Success! Now cat our first flag.
Now try to get root. Run sudo -l to see which command can hold run as root
So holt can run nano as root without password needed. Let’s nano the content of root.txt
sudo /bin/nano /root/root.txt
The end.
HAPPY HACKING