TryHackMe — Inferno

Source

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

First Things First

Deploy the target machine (this machine might take upto 3–5 minutes to load and accessible)
There are two ways to access the deployed target machine.
1) Use attacker box — Provided by TryHackMe, it consist of all the required tools available for attacking.
2) Use OpenVpn configuration file to connect your machine (kali linux) to their network.
For the sake of demonstration I am using OpenVPN connection on my Kali Linux machine.

We won’t be using Metasploit for this challenge

All of my further commands will be executed as normal user not as root. So, if you’re also not executing all the commands as root then make sure to use sudo, as it can give you permission to run elevated programs.

There are two flags to collect to complete this room.

Enumeration

Nmap Result
GoBuster Result
HTTP Basic Auth
Hydra Result
Authentication
IDE
RCE
Config

Note: For some weird reason the reverse connection was unstable and it was disconnecting often, IDK, if it happened to only me or everyone.

No permission
.dat file
Password
login
user flag
List user privileges
edit sudoers
access bash
root flag

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store