TryHackMe write-up: Brooklyn Nine Nine (Second Method)

Introduction

This is my 2nd write-up for TryHackMe’s Brooklyn Nine Nine Room. According to the room description, there are 2 ways to root the box. The first method was described in an earlier post. The 2nd method will be described here.

Enumeration

Using nmap, I saw that this box is running FTP, SSH and HTTP.

It turns out, FTP allows anonymous access.

Downloading the note, I found that one user uses a weak password.

Exploitation

Running hydra, I quickly find the password.

Using the cracked password, I was able to SSH to the target.

A simple find command allowed me to find the location of user.txt. Turns out I have read access to it.

Privilege Escalation

Checking for sudo privileges, I found that I could run “less” under sudo.

According to GTFOBins, “less” can be used to elevate privileges.

Running “sudo /usr/bin/less /etc/profile” opens /etc/profile inside the “less” viewer. Following the instructions from GTFOBins, I typed in the following from inside “less”:

!/bin/sh

This started “sh” as root, thus giving me elevated privileges. I was then able to view the contents of root.txt.

--

--

--

I like breaking stuff.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Chainalysis launches a round the clock assist response program for crypto crime- Crypto News

{UPDATE} Word Connect Finder Challenge Hack Free Resources Generator

Walking an Application -TryHackme

THM Advent-of-cyber 2021 Day16

Combating smartphone cyberattack in Qatar

A Developer’s Guide to GDPR that won’t make you sweat

How Blockchain + Zelcore = The Ultimate Crypto Security Experience

htaccess File: What is it? And How to Use it?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
m0ndzon3

m0ndzon3

I like breaking stuff.

More from Medium

Beep | HackTheBox writeup

Hack The Box: Getting User Level Privilege

UltraTech Writeup

HTB — Starting Point Track: Meow Writeup