This write-up is based on TryHackMe’s room named Gaming Server and can be found at:-
The description says that it is an easy Boot2Root box and the task is simple: get both the user and root flags.
Let's begin with a simple Nmap scan using the command:
nmap -sC -sV 10.10.221.152
Ports 22 and 80 are open. Let's check the web page first:
It seems to be a simple website, and the source of the main page reveals a potential username: “john”
Let's do some directory busting using dirsearch (https://github.com/maurosoria/dirsearch):
/opt/tools/dirsearch/dirsearch.py -u 10.10.221.152 -E -x 400,500 -r -t 100 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
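Seen from the defending side, a run like the dirsearch command above appears in the web server's access log as one client requesting many distinct missing paths within seconds. The following is an added example, not part of the original write-up: a small detector over constructed combined-format log lines, where the threshold, window, IP addresses and paths are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format: ip - - [time] "METHOD path proto" status ...
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def find_dir_bruteforce(lines, threshold=20, window=timedelta(seconds=10)):
    """Return {ip: peak} for clients that requested at least `threshold`
    distinct missing paths (HTTP 404) inside any sliding `window`."""
    recent = defaultdict(deque)  # ip -> (timestamp, path) of recent 404s
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log entry
        ip, ts, path, status = m.groups()
        if status != "404":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append((when, path))
        while when - q[0][0] > window:  # drop hits older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def sample_log():
    """Constructed log: a scanner (192.0.2.10) and a normal visitor."""
    fmt = ('{ip} - - [01/Sep/2020:12:00:{s:02d} +0000] '
           '"GET {p} HTTP/1.1" {c} 153 "-" "-"')
    lines = [fmt.format(ip="192.0.2.10", s=i // 20, p=f"/word{i}", c=404)
             for i in range(60)]
    lines += [fmt.format(ip="198.51.100.7", s=1, p="/", c=200),
              fmt.format(ip="198.51.100.7", s=2, p="/favicon.ico", c=404)]
    return lines

if __name__ == "__main__":
    for ip, peak in find_dir_bruteforce(sample_log()).items():
        print(f"{ip}: {peak} distinct 404 paths within 10 s")
```

The threshold and window should be tuned against the site's normal 404 rate before alerting on the result.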