BadByte — TryHackMe

BadByte-THM

This is a write-up for TryHackMe’s room named BadByte. This is a beginner's friendly room. We need to infiltrate BadByte and then to take over root.Let’s start the enumeration process using nmap.

Reconnaissance

NMAP

# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- 10.10.114.112

$ sudo nmap -sS -Pn -T4 -p- 10.10.114.112                                                                                                 
PORT      STATE SERVICE
22/tcp    open  ssh
30024/tcp open  unknown

# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p22,30024 10.10.114.112

$ sudo nmap -O -A -Pn -T4 -p22,30024 10.10.114.112
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 e3:89:a3:33:67:85:ac:08:a5:0f:1a:d4:79:78:d2:66 (RSA)
|   256 c1:93:e9:26:b8:9b:85:bc:c2:8e:08:a2:a4:85:f6:85 (ECDSA)
|_  256 dd:e1:5c:32:d1:fc:a3:c5:4a:0e:bf:c8:c2:79:e4:71 (ED25519)
30024/tcp open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r--    1 ftp      ftp          1752 Dec 27 19:55 id_rsa
|_-rw-r--r--    1 ftp      ftp            78 Dec 28…