
Brooklyn 99


This is a writeup of the Brooklyn Nine Nine room on tryhackme.com.

Summary: An easy room that only requires standard enumeration. The entry point is found by brute-forcing with hydra, and root comes from GTFOBins.

Walkthrough:

nmap -sC -sV <ip>

We can see that anonymous FTP login is allowed, and there is a note.

So we can see that jake is the username and we need to brute-force the password. OK.
Now enumerate the HTTP port.


So here we have a clue. Nope, maybe a rabbit hole.
Let's brute-force the SSH port with hydra.
Alright, got the SSH password.
Here we go: simple GTFOBins.

And rooted.

Another rabbit hole: if you dirbust with the jpg extension, you will find this picture.
The picture contains hidden data, which turns out to be a troll.
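
The SSH password-guessing step above, seen from the defender's side: an added example (not part of the original writeup) that scans OpenSSH auth log lines for a successful password login preceded by a burst of failures from the same address. The log lines, host name, the user alice, the addresses, the threshold, the window and the year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH password-auth results as written to auth.log via syslog.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce_logins(lines, threshold=5, window=timedelta(minutes=5), year=2024):
    """Return (ip, user, failures) for each accepted login preceded by at least
    `threshold` failed passwords from the same IP and user within `window`."""
    failures = defaultdict(deque)  # (ip, user) -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; `year` is an assumption of this example.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[(m["ip"], m["user"])]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if m["result"] == "Failed":
            recent.append(ts)
        elif len(recent) >= threshold:
            alerts.append((m["ip"], m["user"], len(recent)))
            recent.clear()
    return alerts

def _sample_log():
    # Constructed sample: one mistyped password by alice, then six failures and
    # a success for jake from a single address.
    log = ["Jan 10 09:59:50 b99 sshd[900]: Failed password for alice from 10.10.10.9 port 5000 ssh2",
           "Jan 10 09:59:58 b99 sshd[901]: Accepted password for alice from 10.10.10.9 port 5001 ssh2"]
    log += [f"Jan 10 10:00:{s:02d} b99 sshd[{1000 + s}]: Failed password for jake "
            f"from 10.10.10.5 port {40000 + s} ssh2" for s in range(1, 7)]
    log.append("Jan 10 10:00:08 b99 sshd[1008]: Accepted password for jake from 10.10.10.5 port 40008 ssh2")
    return log

SAMPLE_LOG = _sample_log()

if __name__ == "__main__":
    for ip, user, n in find_bruteforce_logins(SAMPLE_LOG):
        print(f"ALERT: {user} logged in from {ip} after {n} failed passwords")
```

Key-only SSH authentication or per-address rate limiting removes the guessing window that this check alerts on.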



