HacketyHack THM Writeup


How many ports are open

1. Start with a basic TCP scan of the target

#nmap -sS -T4 <IP>

2. Looking at the website we get a clue 
3. We see a reference to samba and when we did our scan we saw that ports 139 and 445 are open.  It's time to map with smbmap
4. Connect with smbclient and download hr.txt

the content is encoded in base64 which we were given a clue about earlier
5.Open up Cyberchef.io and use the recipe "from base64"

6. login with ssh with the credentials provided and grab the user flag
7. Escalation
Check what you can do with sudo as the current user

We are able to run /usr/bin/nano as root
this link teaches us about it
effectively we can create a root shell directly from the nano prompt

8. Locate and open the root.txt!

Popular Posts