Video Tutorial TryHackMe Anonymous Walkthrough

Hexui Undetected CSGO Cheats PUBG Accounts

SystemExploited

Meme Tier VIP
Fleep Tier Donator
Trump Tier Donator
Dank Tier Donator
Nov 29, 2020
8
1,658
0
1613084881225.png


Let's root this TryHackMe Anonymous machine in this walkthrough. This will help us get an understanding of the basics of penetration testing, this is a great beginner linux server to pentest. Might be a samba server based on the open ports.


This video is made by me SystemExploited please subscribe to my channel and follow me on Twitter:
https://youtube.com/SystemExploited
https://twitter.com/ExploitedSystem

First we run a standard NMAP scan to enumerate the ports and services, finding 4 ports open:
  • 21: FTP
  • 22: SSH
  • 139: SMB
  • 445: SMB
Let's take a look at the FTP server, we first try to do an anonymous login...and it actually works without a password. Once we're in let's enumerate the directories and move into the scripts folder, we find 3 files:
  • clean.sh
  • removed_files.log
  • to_do.txt
The log file contains what looks like the output from a cron job, we check the shell script and it appears to be a script that does some cleanup. Our FTP user doesn't have execute permissions obviously so we need to abuse this shell script to do start a reverse shell, we hit DuckDuckGo and we find suitable reverse shell script we can paste in, in this case it's a python reverse shell. Let's overwrite clean.sh with our own bash script which executes the python reverse shell.

Once that's setup, let's start our netcat listener, and boom the cron job executes and we get a shell. Once we bounce into the user's home folder we find the user.txt flag, great. Next up we need to privelage escalate, we're going to start by searching for SUID binaries, which are binaries that execute with elevated permissions even when executed by regular users.

We notice the "/user/bin/env" binary can be abused, so we hit gtfobins and figure out how to use it. Once we run the correct command we can call "whoami" and we are indeed root. So let's peruse the directories and what do we find? /root/root.txt! Boom we got our root flag. I hope you enjoyed this TryHackme Anonymous walkthrough.
 
Last edited by a moderator:

Similar threads

Community Mods