Jack-of-All-Trades (TryHackMe)

Ibrahim Ekim Isik
3 min read · Jun 30, 2021


NMAP

nmap -sC -sV -A <IP>

The tricky part is which port each service is actually on. Usually SSH is on port 22, but that is not guaranteed; trust the service fingerprint from -sV rather than the port number, and be careful in this part.

Enumerate website

Whenever I enumerate a website, after running Gobuster and Nikto I start checking the page source; CTF boxes usually hide something there.

I find a base64-encoded string and a directory in the main page's source. I copied the string into my notepad; now I'll decode it and see what it contains.

I now have a password, but I do not yet know where to use it. In the first page's source I also find /recover.php; this path probably has a login page. We still need a username to log in.

Gobuster

I run Gobuster to find more directories. The /Assets directory contains some pictures. Whenever I see pictures on a target, I download them and check them for hidden data. That rarely happens in the real world, but we are doing a CTF right now.

Steganography

We use the password "u?WtKSraq" to unlock this jpg. Now we have credentials. Let's log in.

Reverse Shell

We see the comment below; from this point I can use Netcat to get a reverse shell.

Enumerate Machine & Priv Esc

After enumerating the machine, I find some password files and use them to brute-force SSH for the user jack.

I have SSH credentials. I log in, grab the user flag, and keep going. The user flag was inside user.jpg.

Priv esc is fairly easy because you are allowed to run strings with elevated privileges, and strings can dump the readable text from a file you could not otherwise read.
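A defender-side check for the SSH brute-force step above, as an added example that is not part of the original post: it parses constructed sshd auth.log lines (sample data, not from the box) and flags a source that racked up repeated password failures for one user inside a short window and then logged in successfully.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log excerpt (not from the original post): a burst of
# failed SSH logins for user jack from one source, then a success from the
# same source, then an unrelated single failure from elsewhere.
SAMPLE_LOG = """\
Jun 30 10:00:01 box sshd[1201]: Failed password for jack from 10.10.14.5 port 50211 ssh2
Jun 30 10:00:02 box sshd[1203]: Failed password for jack from 10.10.14.5 port 50212 ssh2
Jun 30 10:00:02 box sshd[1205]: Failed password for jack from 10.10.14.5 port 50213 ssh2
Jun 30 10:00:03 box sshd[1207]: Failed password for jack from 10.10.14.5 port 50214 ssh2
Jun 30 10:00:04 box sshd[1209]: Failed password for jack from 10.10.14.5 port 50215 ssh2
Jun 30 10:00:05 box sshd[1211]: Accepted password for jack from 10.10.14.5 port 50216 ssh2
Jun 30 10:05:00 box sshd[1300]: Failed password for invalid user admin from 192.0.2.9 port 40000 ssh2
"""

# Matches the "Failed/Accepted password" lines OpenSSH's sshd writes to syslog.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_sshd(log_text, year=2021):
    """Yield one event dict per password-auth line; syslog stamps carry no year."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}

def detect_bruteforce(log_text, threshold=5, window_s=60, year=2021):
    """Alert when one (ip, user) pair fails >= threshold times within window_s
    seconds, and record whether the same pair later logged in (guess found)."""
    recent = defaultdict(deque)  # (ip, user) -> failure timestamps still in window
    alerts = {}
    for ev in sorted(parse_sshd(log_text, year), key=lambda e: e["ts"]):
        key = (ev["ip"], ev["user"])
        if ev["result"] == "Failed":
            q = recent[key]
            q.append(ev["ts"])
            while (ev["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()  # drop failures older than the sliding window
            if len(q) >= threshold:
                a = alerts.setdefault(key, {"ip": ev["ip"], "user": ev["user"],
                                            "failures": 0, "success_after": False})
                a["failures"] = max(a["failures"], len(q))
        elif key in alerts:  # Accepted after an alert: the brute force worked
            alerts[key]["success_after"] = True
    return list(alerts.values())
```

Raising `threshold` or shrinking `window_s` tunes the sensitivity; the single failed guess from 192.0.2.9 never reaches the threshold and produces no alert.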
