ColddBox: Easy — TryHackMe

0xsanz
4 min readJan 31, 2021

This is the write-up for TryHackMe’s room named ColddBox: Easy

Rooms’s URL : https://tryhackme.com/room/colddboxeasy

Its is an easy boot2root box and task is to get user and root flag

Enumeration:

# Identify the list of services running on the target machine

sudo nmap -sS -Pn -T4 -p- 10.10.128.156

# Perform further information gathering on the open ports identified above

sudo nmap -O -A -Pn -T4 -p80,4512 10.10.128.156

So we have a WordPress site and SSH running on a non standard port.

WordPress Enumeration

Browse the website

And find the WordPress login Portal at : http://10.10.128.156/wp-login.php

Next step is to run WPScan to enumerate plugins and users and check if user’s passwords can be brute forced:

wpscan --url http://10.10.128.156 --enumerate ap,u

[+] XML-RPC seems to be enabled: http://10.10.128.156/xmlrpc.php ==> This indicates that user’s passwords can be brute forced.

Put the above users in a file named user.txt and lets brute force the password:

wpscan --url…

--

--

0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204