Inferno — TryHackMe

Write-up for TrayHackMe’s room named Inferno:-Real Life machine vs CTF. The machine is designed to be real-life and is perfect for newbies starting out in penetration testing. This room can be found here:

https://tryhackme.com/room/inferno

This is straight boot2root box where we need to find user and root flags.So let’s jump right in to enumeration with nmap.

Enumeration

NMAP

Run a simple nmap scan to check what is running on this box.

kali@kali:/tmp$ nmap -sC -sV 10.10.246.58
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-13 13:15 EST
Nmap scan report for 10.10.246.58
Host is up (0.083s latency).
Not shown: 967 closed ports
PORT     STATE SERVICE       VERSION
21/tcp   open  tcpwrapped
22/tcp   open  ssh           OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 d7:ec:1a:7f:62:74:da:29:64:b3:ce:1e:e2:68:04:f7 (RSA)
|   256 de:4f:ee:fa:86:2e:fb:bd:4c:dc:f9:67:73:02:84:34 (ECDSA)
|_  256 e2:6d:8d:e1:a8:d0:bd:97:cb:9a:bc:03:c3:f8:d8:85 (ED25519)
23/tcp   open  tcpwrapped
25/tcp   open  tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp   open  http          Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Dante's Inferno
88/tcp   open  tcpwrapped
106/tcp  open  pop3pw…