THM Bounty Hacker Write-up
This post is a write-up from tryhackme Bounty Hacker room.
First of all scan the machine using nmap.
You will get 3 open ports, 21:ftp, 22:ssh and 80:http.
The web application running on port 80 is just a chat history where some people challenge you to root the system.
The ftp running on port 21 allows anonymous login and there’s 2 interesting txt files.
Inside task.txt there’s 2 random useless instructions writed by someone called “lin”.
The another one is a wordlist with some passwords. Now you have one possible user and a wordlist to brute force something.
Running a brute force on ssh you will get the credentials.
Now you have the user flag, let’s scale privileges.
You can run /bin/tar as root, but what could you do with this?
After some search I found how to run commands with tar, now you are root.
And now you have the root flag.
This was my first ctf write up, sorry anything I did wrong, thanks for read and see you space cowboy…