Jack Of All the Trades | TryHackMe Writeup


Jack Of All Trades is an easy Linux-based machine on TryHackMe.

User Part

I started with an Nmap scan and found 2 open ports, so I ran a version scan using Nmap. It showed that port 22 is HTTP and port 80 is SSH.

I opened it in the browser, and the browser rejected the request.

This blog helped me bypass the blocking by the browser.

The webpage looks like this.

I found a base64-encoded string and a PHP file while checking the source code.

The base64-encoded string contains a password.

Then I ran gobuster for a directory search and found a folder.

The folder contains some images, which I downloaded and checked.

One file contains a username and password. I tried them with SSH, but had no success.

Earlier I had found a PHP file along with the base64-encoded string, so I went to that file; it is a login page. I tried the credentials obtained above and logged in successfully.

The page itself tells you that you need to try cmd in GET form.

I tried cmd and got command injection.

Then I turned it into a shell.

In the home directory I found some passwords; I needed to brute-force to find the correct one.

I tried Hydra and got the password.

I got a user shell.

The user's home directory contains only an image, so I downloaded that file.

The flag is inside that image.

Root Part

I checked for SUID binaries and found the strings command.

So I ran the strings command to view root.txt and got root.txt.
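The root step works because a setuid copy of a file-reading utility runs with its owner's privileges. The script below is an added example, not part of the original writeup: an audit that lists setuid files under a directory and flags those whose name is in `RISKY_READERS`, a constructed, non-exhaustive list, so they can have the bit removed with `chmod u-s`.

```shell
#!/bin/sh
# Added example: setuid audit for the misconfiguration seen in the Root Part.
# RISKY_READERS is a constructed, non-exhaustive list of utilities that can
# print the contents of any file they are allowed to open; "strings" is the
# one this writeup found with the setuid bit set.
RISKY_READERS="strings cat less more head tail xxd od base64 dd"

# audit_suid ROOT
# Prints one line per setuid regular file under ROOT:
#   <FLAG> <mode> <owner> <path>
# FLAG is RISKY when the file name is in RISKY_READERS, otherwise REVIEW
# (still worth checking against the distribution's expected setuid set).
audit_suid() {
    root=${1:-/}
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        name=${path##*/}
        flag=REVIEW
        for reader in $RISKY_READERS; do
            if [ "$name" = "$reader" ]; then
                flag=RISKY
            fi
        done
        # Mode string (shows the "s" bit) and owner, taken from ls -ld.
        meta=$(ls -ld "$path" | awk '{print $1, $3}')
        printf '%s %s %s\n' "$flag" "$meta" "$path"
    done
}

# count_risky ROOT
# Prints how many setuid files under ROOT were flagged RISKY.
count_risky() {
    audit_suid "$1" | grep -c '^RISKY ' || true
}

# Stand-alone use: sh audit_suid.sh /    (run as root to see every directory)
if [ "$#" -gt 0 ]; then
    audit_suid "$1"
fi
```

For every RISKY line, `chmod u-s <path>` removes the setuid bit; a file-reading utility has no need for it.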

