Connect to the THM network and deploy the machine. Let’s do initial recon on the machine using nmap to look for open ports and services.
sudo nmap -A <target_ip>
The results show that there are 3 open ports: 21, 22 and 80. Anonymous FTP login is allowed, so let’s see what we can get from it.
Let’s start enumeration, using Nmap to see open ports and services.
sudo nmap -A <target-ip>
There are two open ports, 22 and 80. Let’s look for hidden directories using Gobuster.
sudo gobuster dir -u http://<target-ip>/ -w /usr/share/wordlists/dirb/common.txt --wildcard php,html
Brooklyn Nine Nine in THM is a room based on the Netflix show of the same name. So let’s start hacking. Now let’s visit the webpage; while inspecting it we can see something about steganography.
Tried tools like steghide, binwalk and exiftool, but came up with nothing useful to further enumerate…
Task 1: Deploy the vulnerable Windows machine
What’s the name of the clown displayed on the homepage?
--> To get this we need to do a reverse image lookup. Just google a reverse image lookup link and submit the clown image, and you will get his name.
Let’s enumerate the machine further to know…
Let’s do what we always do: enumerate, and then see if we can escalate our privileges to almighty root! We need to know whether any ports are open and which services are running on them; we can use nmap to find out.
sudo nmap -T4 -p- -A <Target_IP>