Bounty Hacker Tryhackme CIF Challenge
You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker!
Bounty Hacker – Hello guys and welcome back, Ayush to this side, today we will talk about one of the tryhackme rooms “Bounty Hacker”, it’s quite an easy room where you will learn about FTP, hydra tool, and how you can do permission
escalation using tar command. So, any time, let’s get into it. Bounty Hacker
Step_0 – Connect OpenVPN
First, Login tryhackme and download the configuration file from the access page below in the More menu as shown in Figure 1.2 below:
Go to Download Page
If you have already installed OpenVPN on your computer, otherwise you can install it by typing the following command: (Linux user sudo)
Once you have installed OpenVPN on your computer, go to the directory of this configuration file and enter the following command as shown in Figure 1.3 below:
It will start connecting and when the terminal shows you that the sequence is complete as shown in the message in Figure 1.4, it means that your VPN is connected to the TryHackMe network.
If OpenVPN will not connect you then IP address will not work on your system. Will not come online.
Step_1 – Find open ports on the machine
First, we need to find the open ports on our target computer, but if you are a beginner, you will think about what is a port or port number, for them, here is a small explanation of the port number.
Port: Ports are nothing but unique numbers that are assigned to the many services running on your system to identify them on the network. For example, your firefox browser is running on port something 5543. Bounty Hacker
Now let’s come to the question, find open ports, so for that, we will use the Nmap tool which is used for port scanning, it helps us to find open ports, so let’s see what are the open ports on our target.
But here -sV is enough to find open ports and services needed for escalation, so let’s do it
Here you can see that there are 21,22,80 ports open so why not FTP to the target computer because anonymous login is enabled which means anyone can FTP to the server so let’s do it.
Step_2 – Login FTP & View File
FTP is a file transfer protocol that runs on port 21 and is used to transfer computer files between a client and a server on a network over port 21.
User: anonymous
Here you can see that we have access to the FTP server, let’s see what the files are, just type the ls command.
You can have two files here, just type get the filename to get this file on your system.
Type exit and let’s read both files to get the answer of who wrote the task list.
Here you can see that we have the writer’s name as in
Q2 Who wrote the task list? (User: lin)
- lin
Step_4 – SSH Bruteforce
To do this, we brute force the user’s password using a lock.txt word list and the hydra tool.
Now we have the password, now it’s time to ssh to the target.
Q3 What service can you brute force with a found text file?
- SSH
Q4 What is the user’s password?
- RedDr4gon******at3
Step_5 – Login SSH
Now we have the password, now it’s time to ssh to the target.
After SSH server login type ls
Now we have the user.txt flag and now we need to find the root.txt, first, we checked what permissions we have, and what actions we can perform as root.
Q5 user.txt
- THM{CR1M3_S******T3}
Step_6 – sudo login
For this just enter sudo -l
Here you can see that we have tar command privileges as root. After that I searched how we can exploit using the tar command, then I got it from gtfobins.github.oi
And Type SSH Password. Now I enter whoami and then get root access.
Fine root.txt
Q5 root.txt
- THM{80UN7******3r}
Congratulations, we finally solved the lab, and thanks so much for your time, if you enjoyed this write-up and feel like this is; painful please share it with your friends and clap!!!
Disclaimer :
This was written for educational purposes only. You will not misuse information for unauthorized access. Doing any hacks without written permission is illegal ..!
All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security, and cyber security should be familiar to everyone who uses digital information and computers. The tutorials and videos Hacker guides are against the misuse of information and we strongly recommend against it.
All tutorials contain any illegal activity. We want to raise security awareness and inform our readers on how to avoid becoming a victim of hackers. If you intend to use the information for illegal purposes, please leave this website. We cannot be held responsible for any misuse of the information.
