GamingServer-TryHackMe

0xsanz
3 min read · Sep 8, 2020

This write-up is based on TryHackMe’s room named Gaming Server, which can be found at:

https://tryhackme.com/room/gamingserver

The description says that it is an easy Boot2Root box and the task is simple: get both the user and root flags.

Let's begin with a simple Nmap scan using the command:

nmap -sC -sV 10.10.221.152

Ports 22 and 80 are open. Let's check the web page first:

It seems to be a simple website, and the page source of the main page reveals a potential username: “john”.

Let's do some directory busting using dirsearch (https://github.com/maurosoria/dirsearch):

/opt/tools/dirsearch/dirsearch.py -u 10.10.221.152 -E -x 400,500 -r -t 100 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Check what is at these two links on the website:
http://10.10.221.152/uploads/ ==> A potential password list: dict.lst
http://10.10.221.152/secret/ ==> A potential SSH key, maybe for the user john

I used hydra to brute-force both the users john and root using dict.lst, but with no success. I used the following commands:

hydra -s 22 -v -q -l john -P dict.lst -e nsr -t 4 -w 5 10.10.221.152 ssh
hydra -s 22 -v -q -l root -P dict.lst -e nsr -t 4 -w 5 10.10.221.152 ssh
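
Password-guessing runs like the two hydra commands above leave a burst of "Failed password" entries in the target's sshd log. The following is an added example (not part of the original write-up) that flags such bursts per source address; the log lines, host name, IP addresses, year, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (not taken from the room).
SAMPLE_LOG = """\
Sep  8 10:15:01 gs sshd[2101]: Failed password for john from 198.51.100.7 port 40112 ssh2
Sep  8 10:15:02 gs sshd[2102]: Failed password for john from 198.51.100.7 port 40114 ssh2
Sep  8 10:15:04 gs sshd[2103]: Failed password for john from 198.51.100.7 port 40118 ssh2
Sep  8 10:15:05 gs sshd[2104]: Failed password for john from 198.51.100.7 port 40120 ssh2
Sep  8 10:15:20 gs sshd[2110]: Failed password for root from 198.51.100.7 port 40150 ssh2
Sep  8 10:15:21 gs sshd[2111]: Failed password for root from 198.51.100.7 port 40152 ssh2
Sep  8 10:20:00 gs sshd[2200]: Failed password for john from 203.0.113.20 port 51000 ssh2
Sep  8 10:30:00 gs sshd[2300]: Failed password for john from 203.0.113.20 port 51002 ssh2
Sep  8 10:30:09 gs sshd[2301]: Accepted password for john from 203.0.113.20 port 51004 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2020):
    """Return {ip: sorted usernames} for sources with >= threshold failures in any window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # ignore successes and unrelated entries
        # Syslog timestamps carry no year, so one is assumed.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["ip"]].append((when, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: repeated SSH failures against {', '.join(users)}")
```

The second source in the sample fails twice ten minutes apart and then logs in, so it stays below the threshold and is not flagged.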
