This is a write-up for TryHackme’s room named “Tokyo Ghoul”. Please find this room here:
Task is to find the user and root’s flag and along the way answer the questions asked. So let’s Help kaneki escape jason room and start enumeration process using NMAP.
Enumeration
NMAP
# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- 10.10.0.178
$ sudo nmap -sS -Pn -T4 -p- 10.10.0.178
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p21,22,80 10.10.0.178
$ sudo nmap -O -A -Pn -T4 -p21,22,80 10.10.0.178
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_drwxr-xr-x 3 ftp ftp 4096 Jan 23 22:26 need_Help?
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:10.8.98.192
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At…