Boxo1troll1
Hi folks,
This box is completely for the beginner level challenge
Box url:- https://www.tryhackme.com/room/boxo1troll1
Deploy the machine
Check connectivity
Enumeration
Run nmap scan to check for open ports
Since, port 80 is open, we will check with the server
There is no useful information, we will run gobuster
#gobuster dir — url http://10.10.244.246/ — wordlists /usr/share/wordlists/dirb/common.txt
Check for robots.txt directory
Here, we dont find any information as well.we will run ftp
Task 1:- Collect Flags
We will login with “anonymous” user for ftp as it does not require passwords
#ftp 10.10.244.246
Here we found a pcap file
Let’s download it to our machine using “get” command
We know, that pcap file can be opened using wireshark
Lets open the file using wireshark
We can see the TCP handshake. So, check the stream
By checking all the stream, we got an information about directory
Lets use this directory in web
We got a roflmao file. Let’s download it
Execute the downloaded file using “strings” command
#strings roflmao
Here, we can find the address to proceed
By checking with the address we got 2 files
We will check the files one by one
By checking “goodluck” directory we got the user
By checking the password file we get list of passwords
Lets store those data in our machine to perform hydra
We are performing hydra to get the credentials for ssh user
Since, we got the credentials, we will login with ssh
We got a user shell
We will check the hostname of the machine
Search in google
Start python server and download the file in user
Download the file in tmp dir
Compile it to gcc
We found the flag!!! yaaay !!!Hope this helped to crack the beginner level challenge box.
Happy Learning!!!
