Writer: Beri Contraster

Basic Pentesting - TryHackMe Walkthrough



Difficulty: Easy


Welcome, reader. Today we'll pwn "Basic Pentesting" from TryHackMe. Let's start with an Nmap scan.


Nmap Scan


SMB

Let's scan the SMB shares with smbmap.



We have read access to the Anonymous share. Let's see what's in there.



I downloaded the "staff.txt" using smbclient.
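The share is readable without credentials, which is the setting a defender would want to catch before someone else does. The following is an added example, not code from the original post or from Samba: it parses two constructed smb.conf fragments (the share name mirrors the room's "Anonymous" share; the paths and the `staff` group are assumptions) and reports which shares are open to guest clients and whether failed logons are silently mapped to the guest account.

```python
"""Audit smb.conf for shares that anonymous (guest) clients can read.

Added example for this walkthrough, not code from the original post or
from Samba. The two configuration fragments are constructed; the share
name mirrors the room's "Anonymous" share, the paths and group are assumed.
"""
import configparser

# Constructed: the weak setting. 'guest ok = yes' lets a client connect
# without credentials, and 'map to guest = Bad User' turns any unknown
# username into the guest account, so failed logons still get in.
WEAK_SMB_CONF = """
[global]
    workgroup = WORKGROUP
    map to guest = Bad User

[Anonymous]
    path = /srv/samba/anonymous
    browseable = yes
    read only = yes
    guest ok = yes
"""

# Constructed: the corrected share, readable only by authenticated members
# of an assumed 'staff' group, with guest mapping disabled globally.
HARDENED_SMB_CONF = """
[global]
    workgroup = WORKGROUP
    map to guest = Never

[Anonymous]
    path = /srv/samba/anonymous
    browseable = no
    read only = yes
    guest ok = no
    valid users = @staff
"""

TRUTHY = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {option: value}} with lowercase option names."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return {s: {k.lower(): v.strip() for k, v in parser[s].items()}
            for s in parser.sections()}


def audit_shares(text):
    """Return (guest_shares, maps_bad_user_to_guest).

    guest_shares lists share names whose 'guest ok' (or the synonym 'public')
    is enabled; the flag reports whether 'map to guest' downgrades failed
    logons to the guest account instead of rejecting them.
    """
    conf = parse_smb_conf(text)
    global_opts = next((o for n, o in conf.items() if n.lower() == "global"), {})
    map_to_guest = global_opts.get("map to guest", "never").lower()
    guest_shares = []
    for name, opts in conf.items():
        if name.lower() in ("global", "printers", "print$"):
            continue
        value = (opts.get("guest ok") or opts.get("public") or "no").lower()
        if value in TRUTHY:
            guest_shares.append(name)
    return guest_shares, map_to_guest.startswith("bad")


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        shares, downgrade = audit_shares(conf)
        print(f"{label}: guest-readable shares={shares}, map-to-guest downgrade={downgrade}")
```

Run it against a real `/etc/samba/smb.conf` by passing the file contents to `audit_shares`; any share it lists is one an unauthenticated client can browse, exactly what the walkthrough found here.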



This note is from Kay, who is asking everyone, Jan included, not to upload any work-related material to this share. Let's move on to the web. Port 8080 serves the default Apache page, and port 80 says the site is under maintenance.



Fuzzing

Let's do directory fuzzing on port 80 with gobuster.



I found the /development directory. It contains a file with a message from Kay to Jan, the same two users we discovered earlier from the SMB share. Kay asks Jan to change her weak credentials ASAP.



Brute Forcing

Since Jan's password is weak, let's try brute-forcing SSH as user Jan with Hydra; with a common wordlist we may be able to crack it.



I cracked Jan's password with the rockyou wordlist. After logging in I did some manual enumeration before running any automated scripts, and I found Kay's SSH key.
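Both the gobuster run against port 80 and the Hydra run against SSH leave a very loud trail on the target: a burst of 404s from one address, and a burst of "Failed password" lines followed by an "Accepted password" from the same address. The following is an added example, not code from the original post: it parses constructed auth.log and Apache access-log excerpts (host name, addresses and most paths are assumptions; the syslog year is assumed because auth.log does not record it) and flags sources whose failure count inside a sliding window reaches a threshold, plus any login that succeeded from a source that had just been guessing.

```python
"""Detect SSH password-guessing and web directory-fuzzing bursts in logs.

Added example, not part of the original post. The sshd auth.log lines and
the Apache access-log lines are constructed; host name, addresses and
paths are assumptions chosen for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log excerpt: six failures from one source in a few seconds,
# then a success from the same source (the pattern of a guessed password).
AUTH_LOG = """
Mar 14 10:15:01 host01 sshd[1201]: Failed password for jan from 10.0.2.15 port 51230 ssh2
Mar 14 10:15:02 host01 sshd[1201]: Failed password for jan from 10.0.2.15 port 51231 ssh2
Mar 14 10:15:02 host01 sshd[1201]: Failed password for jan from 10.0.2.15 port 51232 ssh2
Mar 14 10:15:03 host01 sshd[1201]: Failed password for jan from 10.0.2.15 port 51233 ssh2
Mar 14 10:15:04 host01 sshd[1201]: Failed password for invalid user admin from 10.0.2.15 port 51234 ssh2
Mar 14 10:15:05 host01 sshd[1201]: Failed password for jan from 10.0.2.15 port 51235 ssh2
Mar 14 10:15:09 host01 sshd[1210]: Accepted password for jan from 10.0.2.15 port 51236 ssh2
Mar 14 10:31:40 host01 sshd[1305]: Failed password for kay from 10.0.2.40 port 44002 ssh2
"""

# Constructed Apache combined-log excerpt: a run of 404s from one source in
# five seconds, the signature of wordlist-driven directory enumeration.
ACCESS_LOG = """
10.0.2.15 - - [14/Mar/2024:10:20:01 +0000] "GET /admin HTTP/1.1" 404 273 "-" "-"
10.0.2.15 - - [14/Mar/2024:10:20:01 +0000] "GET /backup HTTP/1.1" 404 273 "-" "-"
10.0.2.15 - - [14/Mar/2024:10:20:02 +0000] "GET /cgi-bin HTTP/1.1" 404 273 "-" "-"
10.0.2.15 - - [14/Mar/2024:10:20:02 +0000] "GET /config HTTP/1.1" 404 273 "-" "-"
10.0.2.15 - - [14/Mar/2024:10:20:03 +0000] "GET /development HTTP/1.1" 200 942 "-" "-"
10.0.2.15 - - [14/Mar/2024:10:20:03 +0000] "GET /images HTTP/1.1" 404 273 "-" "-"
10.0.2.15 - - [14/Mar/2024:10:20:04 +0000] "GET /login HTTP/1.1" 404 273 "-" "-"
10.0.2.15 - - [14/Mar/2024:10:20:05 +0000] "GET /uploads HTTP/1.1" 404 273 "-" "-"
10.0.2.15 - - [14/Mar/2024:10:20:05 +0000] "GET /wp-admin HTTP/1.1" 404 273 "-" "-"
10.0.2.40 - - [14/Mar/2024:10:22:17 +0000] "GET / HTTP/1.1" 200 1104 "-" "-"
"""

SSHD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<ip>\S+)")
APACHE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                       r"(?P<status>\d{3})")


def parse_sshd(lines, year=2024):
    """Return (failures, accepted), each a list of (timestamp, ip, user)."""
    failed, accepted = [], []
    for line in lines:
        m = SSHD_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            (failed if m["result"] == "Failed" else accepted).append((ts, m["ip"], m["user"]))
    return failed, accepted


def parse_apache_404s(lines):
    """Return [(timestamp, ip, path)] for requests that produced a 404."""
    events = []
    for line in lines:
        m = APACHE_RE.search(line)
        if m and m["status"] == "404":
            events.append((datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"], m["path"]))
    return events


def burst_sources(events, window_seconds, threshold):
    """Map each source IP to its peak event count inside a sliding window,
    keeping only sources whose peak reaches the threshold."""
    per_ip = defaultdict(list)
    for ts, ip, _ in sorted(events):
        per_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in per_ip.items():
        recent, peak = deque(), 0
        for ts in stamps:
            recent.append(ts)
            while (ts - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def guessed_logins(failed, accepted, window_seconds=300, threshold=5):
    """(ip, user) pairs that logged in successfully from a source which also
    produced a failure burst: the strongest sign that a password was guessed."""
    bursts = burst_sources(failed, window_seconds, threshold)
    return sorted({(ip, user) for _, ip, user in accepted if ip in bursts})


if __name__ == "__main__":
    failed, accepted = parse_sshd(AUTH_LOG.strip().splitlines())
    print("ssh failure bursts:", burst_sources(failed, 60, 5))
    print("logins after a burst:", guessed_logins(failed, accepted))
    print("404 bursts:", burst_sources(parse_apache_404s(ACCESS_LOG.strip().splitlines()), 60, 5))
```

The same sliding-window counter serves both logs because the two attacks look alike from the defender's side: many cheap requests from one source in a short time. On a real host the thresholds should be tuned to normal traffic, and the `guessed_logins` output is the line worth paging someone about.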



John The Ripper

The SSH key is passphrase-protected. I copied it over to my attacking machine. First I'll run ssh2john to convert the key into a hash format that John can work with.



Now that the hash is in a format John can crack, let's run John against it.
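The reason John gets through here is not the key format but the passphrase behind it; the key's own container still tells a defender how much work each guess costs. The following is an added example, not code from the original post or from OpenSSH: it reads the header of a private key file and reports whether it is encrypted at all, whether it uses the legacy PEM format (one MD5 pass per guess) or the openssh-key-v1 format with bcrypt, and how many bcrypt rounds were used. The three key files are constructed with placeholder key material, and the 16-round baseline is OpenSSH's default for `ssh-keygen -a`.

```python
"""Check whether an SSH private key file is passphrase-protected, and how well.

Added example for this walkthrough, not code from the original post or from
OpenSSH. The three key files below are constructed: the key material is
placeholder bytes, only the container headers matter for this check.
"""
import base64
import struct
import textwrap

MAGIC = b"openssh-key-v1\x00"


def _s(data):
    """Encode bytes as an SSH 'string': uint32 big-endian length, then data."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf, off):
    """Decode one SSH 'string' at offset; return (data, next_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def _build_openssh_key(cipher, kdf, rounds):
    """Constructed openssh-key-v1 container with placeholder key material."""
    kdfoptions = _s(b"\x11" * 16) + struct.pack(">I", rounds) if kdf == "bcrypt" else b""
    blob = (MAGIC + _s(cipher.encode()) + _s(kdf.encode()) + _s(kdfoptions)
            + struct.pack(">I", 1) + _s(b"\x00" * 32) + _s(b"\x00" * 64))
    body = textwrap.fill(base64.b64encode(blob).decode(), 70)
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"


UNENCRYPTED_KEY = _build_openssh_key("none", "none", 0)
ENCRYPTED_KEY = _build_openssh_key("aes256-ctr", "bcrypt", 16)
LEGACY_PEM = (  # constructed: old PEM format, passphrase run through one MD5 pass
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF\n"
    "\n"
    "cGxhY2Vob2xkZXIgYm9keQ==\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def inspect_private_key(text):
    """Describe the key container: format, whether encrypted, cipher, KDF, rounds."""
    lines = text.strip().splitlines()
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 container")
        cipher, off = _read_string(blob, len(MAGIC))
        kdf, off = _read_string(blob, off)
        kdfopts, off = _read_string(blob, off)
        rounds = None
        if kdf == b"bcrypt":  # kdfoptions = string(salt) + uint32(rounds)
            _salt, pos = _read_string(kdfopts, 0)
            (rounds,) = struct.unpack_from(">I", kdfopts, pos)
        return {"format": "openssh", "encrypted": cipher != b"none",
                "cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds}
    # Legacy PEM: encryption is signalled by a Proc-Type header and the key is
    # derived from the passphrase with a single MD5 pass, so each guess is cheap.
    encrypted = any(line.startswith("Proc-Type:") and "ENCRYPTED" in line for line in lines)
    return {"format": "pem", "encrypted": encrypted, "cipher": None,
            "kdf": "md5" if encrypted else None, "rounds": 1 if encrypted else None}


def assess(info, min_rounds=16):
    """Findings a defender would want fixed; an empty list means acceptable."""
    findings = []
    if not info["encrypted"]:
        findings.append("no passphrase: anyone who can read the file can use the key")
    elif info["format"] == "pem":
        findings.append("legacy PEM encryption: single MD5 derivation, cheap to brute force")
    elif info["rounds"] is not None and info["rounds"] < min_rounds:
        findings.append(f"bcrypt rounds {info['rounds']} below the expected {min_rounds}")
    return findings


if __name__ == "__main__":
    for name, key in (("unencrypted", UNENCRYPTED_KEY), ("encrypted", ENCRYPTED_KEY), ("legacy", LEGACY_PEM)):
        info = inspect_private_key(key)
        print(name, info, assess(info) or "ok")
```

Point `inspect_private_key` at the contents of a real key to see the same fields. A key that comes back as legacy PEM or with few rounds can be re-wrapped in place with `ssh-keygen -p -a 64 -f <keyfile>`, which re-encrypts it in the openssh-key-v1 format with 64 bcrypt rounds, and a strong passphrase is still what actually stops a wordlist.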



Let's log in with Kay's account.



After looking through the files in Kay's home directory, I found a password.



ROOT

Using Kay's password I checked what Kay could run with sudo, and it turned out Kay could run anything as root.



Thanks for reading. If you have any questions please don't hesitate to ask.

Happy Hacking!!



