
TryHackMe: Brooklyn 99

Hafiq Iqmal
4 min read · Mar 21, 2021

Having fun with TryHackMe again. Here is the write-up and guide to passing the Brooklyn 99 challenge.

Room: https://tryhackme.com/room/brooklynninenine
Level: Easy

Task: This room is aimed for beginner level hackers but anyone can try to hack this box. There are two main intended ways to root the box.

Let's get started.

The task says there are 2 methods to get root. Let's go all the way and see if we can find both.

As usual, open the IP in a browser first.

There is a hint: “Have you ever heard of steganography?”. It might be something in the wallpaper. Because I'm too lazy, I used an online decoder. Unfortunately, nothing!

But it’s okay, let’s run both gobuster and nmap.

# gobuster dir -u 10.10.61.X -w wordlists/dirb/common.txt -t 20

No luck from gobuster. I tried a different directory wordlist, also no luck.

# nmap -T4 -A -sS -sS -p- 10.10.61.61
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r-- 1 0 0 119 May 17 2020 note_to_jake.txt
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:10.8.163.74
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 4
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 16:7f:2f:fe:0f:ba:98:77:7d:6d:3e:b6:25:72:c6:a3 (RSA)
| 256 2e:3b:61:59:4b:c4:29:b5:e8:58:39:6f:6f:e9:9b:ee (ECDSA)
|_ 256 ab:16:2e:79:20:3c:9b:0a:01:9c:8c:44:26:01:58:04 (ED25519)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title…
