This write-up is based on TryHackMe’s room named Gaming Server and can be found at:-
Description says that is an easy Boot2Root box and the task is simple to get both the user and root flags.
Lets begin with a simple NMAP scan by using the command:
nmap -sC -sV 10.10.221.152
Port 22 and 80 are open. Lets check the Web-Page first:
Seems to be a simple website and the page source of the main page reveals a potential username — “john”
Lets do some directory busting using the dirsearch (https://github.com/maurosoria/dirsearch):
/opt/tools/dirsearch/dirsearch.py -u 10.10.221.152 -E -x 400,500 -r -t 100 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
Check what is in these two links on the website:
http://10.10.221.152/uploads/ ==> A potential password list — dict.lst
http://10.10.221.152/secret/ ==> A potential SSH key — may be for user — john
Used hydra to brute force both the users john and root using dict.lst, but no success. Used the following commands:
hydra -s 22 -v -q -l john -P dict.lst -e nsr -t 4 -w 5 10.10.221.152 ssh
hydra -s 22 -v -q -l root -P dict.lst -e nsr -t 4 -w 5 10.10.221.152 ssh
![Dav Tryhackme Writeup [Detailed]](https://miro.medium.com/v2/resize:fit:1358/1*iIpvyAnKbUs4XFlv9mK0Rg.png)
