TryHackMe | Brooklyn Nine Nine
https://tryhackme.com/room/brooklynninenine
This room is aimed for beginner level hackers but anyone can try to hack this box. There are two main intended ways to root the box.
Table Of Contents
User Flag
Scanning : Nmap
FTP Anonymous login : lftp
Password brute-force : Hydra
User login : SSH
Root Flag
Root flag : Sudo
User Flag
We start with a basic nmap scan, which reveals the presence of FTP, SSH and web services on their standard ports:
Command : nmap -A <IP>
Let’s check what we can get from the FTP service, as anonymous access:
Command : lftp <IP>
There is a file named note_to_jake.txt.The note to jake seems to confirm that jake’s password is weak. Let’s try to brute force jake’s SSH password using Hydra:
Command : hydra -l jake -P /usr/share/wordlists/rockyou.txt ssh://<IP> -t 4 -v
Now that we have jake’s SSH password, let’s connect. Nothing interesting in jake’s home:
Command : ssh jake@<IP>
But there are 3 users, 1 of which contains the user flag:
Root flag
Let’s check jake’s privileges:
Command : sudo -l
Jake can run less as root without password. Let’s get the root flag:
Command : sudo /usr/bin/less /root/root.txt
