TryHackMe write-up: Brute It


This is my write-up for TryHackMe’s Brute It Room.


Using nmap, I found that this box had 2 ports open.

Checking port 80, I see the default Apache web page.

I then used gobuster to search for any folders.

The new folder leads to a login page.


Looking at the source code, I found a username.

So the username is in the source’s comments. Now, all I needed to do was to find the password. This was accomplished by using hydra.

After finding the password, I was able to log in. Here, I found the first flag.

There was also a link to download the SSH private key.

Trying to log in via SSH using the private key proved futile at the moment. To be able to use the key, I needed to know the key’s password. To do so, I had to use ssh2john to convert the key and then run john to crack the hash.

Once the key’s password was cracked, I was able to successfully log in.

Privilege Escalation

Checking for sudo privileges, it turns out I could run the cat command as root. I then proceeded to check /etc/shadow to get the root hash.

Running john again to get the root password, I was able to su as root.
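
The escalation above depended on a sudo rule that allowed cat to run as root, which makes every root-only file (including /etc/shadow) readable. The following is an added example, not part of the original write-up: a small audit that flags sudoers rules of that kind. The sample rules, the usernames and the list of file-reading binaries are constructed assumptions.

```python
import os
import re

# Assumed, non-exhaustive list of binaries that print file contents.
FILE_READERS = {"cat", "less", "more", "head", "tail", "tac", "nl", "xxd", "base64"}

# user host=(runas) [TAG:] command[, command...]
RULE = re.compile(r"^(?P<who>\S+)\s+[^\s=]+\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...

def audit_sudoers(text):
    """Return (who, command, reason) for rules that let a user read any file as root."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: drops comments and #include lines
        m = RULE.match(line)
        if not m or line.startswith("Defaults"):
            continue
        runas = {u.strip() for u in (m.group("runas") or "root").split(":")[0].split(",")}
        if not runas & {"root", "ALL"}:
            continue  # rule does not grant root
        for cmd in m.group("cmds").split(","):
            cmd = TAGS.sub("", cmd.strip())
            parts = cmd.split()
            if not parts:
                continue
            binary, args = os.path.basename(parts[0]), parts[1:]
            if parts[0] == "ALL":
                findings.append((m.group("who"), cmd, "unrestricted root"))
            elif binary in FILE_READERS and not args:
                # No argument list in sudoers means any arguments are accepted.
                findings.append((m.group("who"), cmd, "any file readable as root"))
            elif binary in FILE_READERS and any(c in a for a in args for c in "*?["):
                findings.append((m.group("who"), cmd, "wildcard argument"))
    return findings

# Constructed sample rules, not taken from the room.
SAMPLE = """\
# constructed sample
Defaults env_reset
webadmin ALL=(root) NOPASSWD: /bin/cat
backup   ALL=(root) /usr/bin/tail /var/log/backup.log
deploy   ALL=(www-data) /bin/cat
ops      ALL=(ALL) NOPASSWD: /usr/bin/less /var/log/*
"""

if __name__ == "__main__":
    for who, cmd, reason in audit_sudoers(SAMPLE):
        print(f"{who}: {cmd} -> {reason}")
```

A rule pinned to one fixed path with no wildcard, like the `backup` entry, is not flagged; the fix for a flagged rule is to pin it the same way or remove it.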




I like breaking stuff.
