Basic Pentesting - TryHackMe (WriteUp)

This TryHackMe room is a very basic, beginner-level CTF that introduces us to:

  • brute forcing
  • hash cracking
  • service enumeration
  • Linux enumeration

This will help you understand what pen-testing looks like in the real world. It's a very good room overall.


Question 1: What is the name of the hidden directory on the web server (enter the name without /)?

Answer: For this type of challenge, or any web server discovery, there are two tools you should run at first glance: Nmap and Gobuster (you can also use DirBuster). They give you an initial idea of the target. So if we look at our Nmap scan, it looks something like this......
And if we run Gobuster we get this:

Question 2: What is the username?

Answer: We know from our Nmap scan that the operating system running on the server is Ubuntu Linux. So we know what's next: we have to enumerate this machine. There is a very good tool called enum4linux for that. After some time we can see that it has found some very useful information for us, including the usernames on the machine. Find out which one is correct......

Question 3: What is the password?

Answer: Hmm.... now we have the username, but it's no use if we don't have the password for it. So what to do? There is a tool called Hydra, which is a very good network logon cracker. After running Hydra we get the password as well.

Question 5: What service do you use to access the server (answer in abbreviation, all caps)?

Answer: We saw in our Nmap scan that port 22 is open. If you don't know, port 22 is generally used for SSH. So we have the username jan and the password armando, and we can try to log in via SSH.

Question 6: What is the name of the other user you found (all lower case)?

Answer: When we enumerated the Linux machine we found two usernames: one was Jan and the other was Kay.

Question 7: What is the final password you obtain?

Answer: So, now we are in Jan's account. After navigating the files we didn't find anything useful here.

But when we changed directory we got to Kay's home directory. So let's see what we find there. After checking all the directories we found .ssh as a hidden directory. When we enter this directory we find Kay's private SSH key.

id_rsa is the key we can use to access Kay's account via SSH without providing a username and password. But right now we can't use this key, because it is passphrase-protected. So we need to crack this passphrase, which we can do with an excellent tool called John the Ripper. We need to convert the key to John's format so that it can crack the passphrase.
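
The pivot described above relies on two weaknesses on the target: Kay's private key is readable from another user's account, and its passphrase is weak enough to be cracked offline. The audit script below is an added example (not part of this writeup or of the room) that a defender could run over /home to find private keys other local users can read and keys that carry no passphrase at all; it does not measure passphrase strength. The sample directory it builds is constructed from dummy key files, not real keys.

```python
import base64
import stat
import struct
import tempfile
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def openssh_cipher(body_b64: str) -> str:
    """Cipher name recorded in an OpenSSH-format key; 'none' means no passphrase."""
    raw = base64.b64decode(body_b64)
    if not raw.startswith(OPENSSH_MAGIC):
        return "unknown"
    (n,) = struct.unpack(">I", raw[15:19])  # uint32 length of the cipher-name string
    return raw[19:19 + n].decode()

def is_passphrase_protected(text: str) -> bool:
    if "BEGIN OPENSSH PRIVATE KEY" in text:
        body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
        return openssh_cipher(body) != "none"
    return "Proc-Type: 4,ENCRYPTED" in text  # legacy PEM keys announce encryption here

def audit_keys(root: Path) -> dict:
    """Map each private key under root to whether other users can read it and whether it has a passphrase."""
    report = {}
    for path in (p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(errors="ignore")
        if "PRIVATE KEY-----" not in text:
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        report[str(path.relative_to(root))] = {
            "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            "passphrase": is_passphrase_protected(text),
        }
    return report

def build_sample_home() -> Path:
    """Constructed fixture with dummy key files (not real keys): an exposed encrypted PEM key and a protected but passphrase-less OpenSSH key."""
    root = Path(tempfile.mkdtemp())
    for d in ("kay/.ssh", "jan/.ssh"):
        (root / d).mkdir(parents=True)
    pem = root / "kay/.ssh/id_rsa"
    pem.write_text("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   "DEK-Info: AES-128-CBC,00\n\nQUFBQQ==\n-----END RSA PRIVATE KEY-----\n")
    pem.chmod(0o644)  # readable by every local user, which is what exposes it
    blob = OPENSSH_MAGIC + struct.pack(">I", 4) + b"none" + struct.pack(">I", 4) + b"none"
    ossh = root / "jan/.ssh/id_ed25519"
    ossh.write_text("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
                    + "\n-----END OPENSSH PRIVATE KEY-----\n")
    ossh.chmod(0o600)
    return root
```

Running audit_keys(Path("/home")) as root lists every key with lax permissions or no passphrase; either finding is worth fixing with chmod 600 and re-keying with a strong passphrase.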

So the id_rsa key's passphrase is cracked: it is beeswax. Now let's access Kay's account.

After searching Kay's directory we find a file called pass.bak.

And we cat pass.bak to see what we've got!

So the final answer is heresareallystrongpasswordthatfollowsthepasswordpolicy$$

Nice.................