Year of the Fox — TryHackMe

0xsanz
Jan 3, 2021

This is the write-up for TryHackMe’s room named Year of the Fox.

This room can be found here: https://tryhackme.com/room/yotf

Enumeration

# Identify the list of services running on the target machine

sudo nmap -sS -Pn -T4 -p- 10.10.54.128

# Perform further information gathering on the open ports identified above

sudo nmap -O -A -Pn -T4 -p80,139,445 10.10.54.128

Web Enumeration:

Let's explore further by opening the web page on port 80.

We can try some common usernames and passwords, but in our case those didn’t work. Let us capture the login request in Burp Suite and send it to Repeater to analyse it further:

So we are up against Basic Authentication, and the hint is that we need to guess the password.
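Seen from the server side, password guessing against Basic Authentication leaves a run of 401 responses for one username from one source. The following is an added example, not part of the original write-up: a small detector over web access logs, assuming Combined Log Format (where the user field carries the name sent in the Authorization header); the threshold, window, addresses and user names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: host ident user [time] "request" status size ...
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation addresses, made-up users).
SAMPLE = """\
203.0.113.7 - - [03/Jan/2021:10:00:00 +0000] "GET / HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - alice [03/Jan/2021:10:00:01 +0000] "GET / HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - alice [03/Jan/2021:10:00:02 +0000] "GET / HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - alice [03/Jan/2021:10:00:03 +0000] "GET / HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - alice [03/Jan/2021:10:00:04 +0000] "GET / HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - alice [03/Jan/2021:10:00:05 +0000] "GET / HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - alice [03/Jan/2021:10:00:06 +0000] "GET / HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - alice [03/Jan/2021:10:00:07 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
198.51.100.20 - bob [03/Jan/2021:10:01:00 +0000] "GET / HTTP/1.1" 401 381 "-" "-"
198.51.100.20 - bob [03/Jan/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
"""

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag (source, user) pairs with >= threshold 401s inside the window."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent 401s
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(2) == "-":   # skip unparsable / credential-less hits
            continue
        src, user, ts, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        key, q = (src, user), recent[(src, user)]
        while q and when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if status == "401":
            q.append(when)
            if len(q) >= threshold:
                entry = alerts.setdefault(key, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif status.startswith("2") and key in alerts and q:
            # A success right after a failure burst suggests the guess worked.
            alerts[key]["success_after"] = True
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE.splitlines()))
```

An alert with success_after set is the one to escalate first: it marks an account whose password should be rotated, not just a noisy client to rate-limit.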

Enumerate Username:

We will use the enum4linux-ng (next generation) script to enumerate usernames. This script can be found here: https://github.com/cddmp/enum4linux-ng

/opt/tools/enum4linux-ng/enum4linux-ng.py -R 10.10.54.128


0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204