THM | Brooklyn Nine Nine

Scanning & Enumeration

we start by nmap scan nmap -sC -sV <machine_ip>

port ftp 21 open with anonymous login allowed

port ssh 22 open

port 80 open

login to ftp

we have anonymous login allowed so we can login easily to ftp

we have text file, lets get it and find out whats inside

this means that we should brute force ssh login with username Jake

as you can see we got the password buy using hydra to bruteforce the Jake username

now let’s login to ssh :)

login succeed

lets search now for the user.txt

after quick search we found user.txt file in holt directory

privilege escalation

now lets try to root the machine and get root.txt

we first try sudo -l to see what we can do

and as you can see we can use this command to get root :)

finally we search for root.txt