Write-up for Watcher — another TryHackeMe’s room which is a boot2root Linux machine utilizing web exploits along with some common privilege escalation techniques.This room can be found here:-
As usual, let’s start with our enumeration process with nmap.
Enumeration
NMAP
# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- 10.10.0.46
┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -sS -Pn -T4 -p- 10.10.0.46 130 ⨯
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-17 17:01 EST
Nmap scan report for 10.10.0.46
Host is up (0.071s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open httpNmap done: 1 IP address (1 host up) scanned in 19.84 seconds
# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p21,22,80 10.10.0.46
┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -O -A -Pn -T4 -p21,22,80 10.10.0.46
Host discovery…