Bounty Hacker -THM
Connect to THM network and deploy the machine.Let’s do initial recon on the machine using nmap to look for open-ports and services.
sudo nmap -A <target_ip>
Results show that there are 3 open ports 21,22,80. Anonymous ftp login is allowed let’s see what we can get from it.
sudo ftp <target_ip>
There were two text files locks and task get those to your machine using mget command.
The locks.txt file is a password word-list,let’s use this on user lin.Bruteforce ssh login using hydra.
We successfully found the password,login through ssh.
sudo ssh lin@<target_ip>
Here we have user.txt file, now we need to find root flag!
Let’s escalate our privilege to root, to see what commands can sudo user may run!
sudo -l
User can run service tar as sudo! using this to escalate to root,we can find the exploit in gtfobins.
Run the command in the terminal and we successfully escalated to root and got the root flag!!
Thank You!!
Happy H@cking!🦇
