ColddBox: Easy — TryHackMe

0xsanz
4 min read · Jan 31, 2021

This is the write-up for TryHackMe’s room named ColddBox: Easy.

Room’s URL: https://tryhackme.com/room/colddboxeasy

It is an easy boot2root box, and the task is to get the user and root flags.

Enumeration:

# Identify the list of services running on the target machine

sudo nmap -sS -Pn -T4 -p- 10.10.128.156

# Perform further information gathering on the open ports identified above

sudo nmap -O -A -Pn -T4 -p80,4512 10.10.128.156

So we have a WordPress site and SSH running on a non-standard port.

WordPress Enumeration

Browse the website and find the WordPress login portal at: http://10.10.128.156/wp-login.php
