Overpass 3-Hosting-TryHackMe

Enumeration

# Identify the list of services running on the target machine

Directory Busting

Lets use gobuster:

  1. priv.key

Reverse Shell

Try these credentials with FTP and we will find that user “paradox” works.We can also see that the ftp directory allows us to upload files. We will upload a php reverse shell,execute it and will catch it with netcat.

Web Flag

The web flag was a bit difficult to find, but ultimately found it using

Privilege Escalation

Now we have a stable shell,it is time to do privilege escalation. Transfer “linpeas.sh” to the target and run it to see if we can find anything that can help us in escalating our privileges:

Tunneling

We will use an awesome tool called chisel to do our pivoting/tunneling.You can get the tool from here and build it using very simple instructions given in the tool’s description: https://github.com/jpillora/chisel
Build and transfer chisel on to the target machine and run it on the kali and on the target as:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store