Cyborg - TryHackMe

0xsanz
5 min readJan 27, 2021

A box involving encrypted archives, source code analysis and more.

This is the write-up for TryHackMe’s room named Cyborg.This can be found here:- https://tryhackme.com/room/cyborgt8

Enumeration

Deploy the the box and run NMAP against the target IP.

NMAP

# Identify the list of services running on the target machine
sudo nmap -sS -Pn -T4 -p- 10.10.236.54

nmap all ports

# Perform further information gathering on the open ports identified above
sudo nmap -O -A -Pn -T4 -p22,80 10.10.236.54

nmap port 22 and 80 OS detection, version detection, script scanning

We have only 2 services running SSH on port 22 and HTTP on port 80.This info is sufficient to answer first 3 questions.SSH version looks relatively new and thus let’s enumerate the Web Server further by running a gobuster scan.

Gobuster

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.10.236.54 -t 40

Above gobuster scan reveals few more directories which we can look manually via our favorite Web Browser. So lets take a look to check if we can find anything interesting:

http://10.10.236.54/admin/admin.html

http://10.10.236.54/admin/archive.tar

http://10.10.236.54/etc/squid/passwd

So we have a backup named “music_archive” which we can download as “archive.tar” along with a potential password for that…

--

--

0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204