TryHackMe — Kenobi

Task 1

1-)Make sure you’re connected to our network and deploy the machine

No Answer Needed

2-)Scan the machine with Nmap, how many ports are open?

7

Task 2

1-)Using the Nmap command above, how many shares have been found?

3

2-)Once you’re connected, list the files on the share. What file can you see?

log.txt

3-)What port is FTP running on?

21

4-)What mount can we see?

/var

Task 3

1-)What is the version?

1.3.5

2-)How many exploits are there for the ProFTPd running?

4

3-)We know that the FTP service is running as the Kenobi user (from the file on the share) and an ssh key is generated for that user.

No Answer Needed

4-)We’re now going to copy Kenobi’s private key using SITE CPFR and SITE CPTO commands.

We knew that the /var directory was the mount we could see (task 2, question 4). So we’ve now copied Kenobi’s private key to the /var/tmp directory.

No Answer Needed

5-)We now have a network mount on our deployed machine! We can go to /var/tmp and get the private key, then log in to Kenobi’s account.

6-)What is Kenobi’s user flag (/home/kenobi/user.txt)?

d0b0f3f53b6caa532a83915e19224899

Task 4

1-)What file looks particularly out of the ordinary?

/usr/bin/menu

2-)Run the binary, how many options appear?

3

3-)We copied the /bin/sh shell, called it curl, gave it the correct permissions, and then put its location in our PATH. This meant that when the /usr/bin/menu binary was run, it used our PATH variable to find the “curl” binary, which is actually a copy of /bin/sh. Because the menu binary runs as root, it runs our shell as root!

No Answer Needed

4-)What is the root flag (/root/root.txt)?

177b3cd8562289f37382721c28381f02
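
The escalation in Task 4, question 3 works because /usr/bin/menu runs curl by bare name while running as root. The C example below is added here (it is not code from the room or from the original write-up) and puts that pattern beside a hardened launcher; the function names, the curl arguments and the /usr/bin/curl path are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable shape (assumed; the write-up only says the binary runs "curl"):
 * system() hands the string to "sh -c", and the shell locates "curl" by
 * walking the caller's PATH. In a SUID-root program the caller owns PATH. */
int status_check_vulnerable(void)
{
    return system("curl -I localhost");    /* arguments are illustrative */
}

/* Hardened helper (hypothetical name): absolute path only, no shell, and a
 * fixed environment, so nothing the invoking user exports decides which
 * file gets executed. Returns the child's exit status, or -1 on error. */
int run_fixed(const char *abs_path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int st;
    pid_t pid;

    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                          /* refuse PATH-resolved names */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(abs_path, argv, clean_env);  /* execve never searches PATH */
        _exit(127);                         /* exec itself failed */
    }
    while (waitpid(pid, &st, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int status_check_hardened(void)
{
    char *const argv[] = { "curl", "-I", "localhost", NULL };
    return run_fixed("/usr/bin/curl", argv); /* install path is an assumption */
}

int main(void)
{
    char *const argv[] = { "sh", "-c", "echo child PATH=$PATH", NULL };
    return run_fixed("/bin/sh", argv);
}
```

Run stand-alone, it prints the fixed PATH the child receives regardless of what the calling shell exported.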

Joseph Musando

Security Analyst | hacks and secures | Web Application Pen-tester.
