Brooklyn Nine Nine — TryHackMe — WriteUp

Hello. I’m Rahmos. Here is my Brooklyn Nine Nine — TryHackMe — WriteUp. Check it out!

First, deploy the machine and use nmap to scan for open ports.

nmap -A -T4 -v <ip>

nmap

As ftp is opened and can login as anonymous, let’s login to ftp and cat content of find note_to_jake.txt

ftp -A <ip>

Then get content of this .txt file using get:

get note_to_jake.txt -

Now i know the username for ssh: jake and his password is weak! And also 3 possible users: Amy, Jake, holt.

Now access to its website

website

Just an image, but let’s Crtl + U to view page source.

View page source

Now let’s use steghide to extract hidden data inside this image!

the image url

Download the image and use stegcracker to crack the password and extract hidden data. If you don’t have stegcracker, you can install it using this cmd:

pip3 install stegcracker

Now run:

stegcracker brooklyn99.jpg

stegcracker

Now you have hotl password! Let’s ssh to the machine.

ssh holt@<ip>

ssh

Success! Now cat our first flag.

user.txt

Now try to get root. Run sudo -l to see which command can hold run as root

sudo -l

So holt can run nano as root without password needed. Let’s nano the content of root.txt

sudo /bin/nano /root/root.txt

nano

The end.

HAPPY HACKING