Brooklyn Nine Nine — TryHackMe

Brooklyn Nine Nine in THM is a room based on the show in Netflix by the name it says!!. So let’s start into hacking.Now let’s visit the webpage,while inspecting we can see something about steganography.

Tried with tools like steghide,binwalk and exiftool came up with nothing useful to further enumerate. Let’s find what and all services,ports are open for us.

sudo nmap -A <Taget_IP>

Nmap scan shows there are three ports open and interesting one is port 21 that is ftp and it allows anonymous login!! let’s login and see what we can get from it.

In this we can find a text file referenced to jake..

This username jake maybe used to login through ssh as it’s open,use hydra to bruteforce.

sudo hydra -l jake -P /path_to_wordlist/ <Target_IP> ssh

We will get the password after brute-forcing, let’s login through ssh.

User flag is available for us in the holt directory.

Now we need to escalate our privilege to root and get the root flag.

We need to look into what and all commands can user jake can run.

As we can see in the above snap all users can run less command. Let’s find if we can bypass this binary in gtfobins.Run the command to escalate to root!!

By this we got the root flag!! and successfully pwned the machine!!☠

Thank You!!

Happy H@cking!! 👻