This is a write-up for TryHackMe’s room named BadByte. This is a beginner's friendly room. We need to infiltrate BadByte and then to take over root.Let’s start the enumeration process using nmap.
Reconnaissance
NMAP
# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- 10.10.114.112
$ sudo nmap -sS -Pn -T4 -p- 10.10.114.112
PORT STATE SERVICE
22/tcp open ssh
30024/tcp open unknown# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p22,30024 10.10.114.112
$ sudo nmap -O -A -Pn -T4 -p22,30024 10.10.114.112
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 e3:89:a3:33:67:85:ac:08:a5:0f:1a:d4:79:78:d2:66 (RSA)
| 256 c1:93:e9:26:b8:9b:85:bc:c2:8e:08:a2:a4:85:f6:85 (ECDSA)
|_ 256 dd:e1:5c:32:d1:fc:a3:c5:4a:0e:bf:c8:c2:79:e4:71 (ED25519)
30024/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r-- 1 ftp ftp 1752 Dec 27 19:55 id_rsa
|_-rw-r--r-- 1 ftp ftp 78 Dec 28…