
Bounty Hacker - THM

  • aldern00b
  • May 30, 2022

You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker!


You were boasting on and on about your elite hacker skills in the bar and a few Bounty Hunters decided they'd take you up on claims! Prove your status is more than just a few glasses at the bar. I sense bell peppers & beef in your future!


Deploying the machine was easy so there's the first question down ;) - let's enumerate, as always, with an nmap.


Looks like 3 open ports - FTP, SSH and an Apache web server


Since we don't have any credentials, the only thing we can do is hit that website. Looks like it takes us to a Cowboy Bebop site with some of the speech we heard in the room introduction.


Ran a dirb and gobuster but nothing - just an images folder with the header graphic. The hint asks us to check FTP and look at that... it allows anonymous usage.


Let's download both of the files we see in there and check 'em out.

The answer is lin

Using Hydra, we can take that username and the locks file and figure out the password for ssh.

The answer is ssh
The next answer is RedDr4gonSynd1cat3

We then SSH into the system with the credentials and pop the user flag.

The answer is THM{CR1M3_SyNd1C4T3}

Let's see what we can sudo


Okay, so tar... let's go find out what we can do with that from GTFOBins.


sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh

We move into /root and cat the file there to get the last flag.

The answer is THM{80UN7Y_h4cK3r}
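From the defender's side, the sudo tar step above leaves a clear trace in sudo's auth log. The following is an added example, not part of the original write-up: a small detector that flags tar runs whose checkpoint action executes a program. The log lines, hostname and binary paths are constructed for illustration.

```python
import re
import shlex

# Constructed sample of sudo auth-log entries (hostname, paths and times are made up).
SAMPLE_LOG = """\
May 30 12:01:07 host1 sudo:      lin : TTY=pts/0 ; PWD=/home/lin ; USER=root ; COMMAND=/bin/tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
May 30 12:05:44 host1 sudo:   backup : TTY=pts/1 ; PWD=/srv ; USER=root ; COMMAND=/bin/tar -czf /backup/etc.tgz /etc --checkpoint=1000 --checkpoint-action=dot
May 30 12:09:13 host1 sudo:      lin : TTY=pts/0 ; PWD=/home/lin ; USER=root ; COMMAND=/usr/bin/apt update
""".splitlines()

# sudo logs "<user> : TTY=... ; PWD=... ; USER=<runas> ; COMMAND=<command line>"
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$")
OPTION = "--checkpoint-action"

def tar_exec_action(cmdline):
    """Return the program a tar checkpoint action would execute, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes in the logged string
        argv = cmdline.split()
    if not argv or argv[0].rsplit("/", 1)[-1] != "tar":
        return None
    for i, arg in enumerate(argv[1:], start=1):
        name, sep, value = arg.partition("=")
        # GNU long options accept any unambiguous prefix, so match every
        # prefix of --checkpoint-action that is longer than --checkpoint.
        if not (len(name) > len("--checkpoint") and OPTION.startswith(name)):
            continue
        if not sep:             # value passed as the following argument
            value = argv[i + 1] if i + 1 < len(argv) else ""
        if value.startswith("exec="):
            return value[len("exec="):]
    return None

def scan(lines):
    """Return (user, run-as user, executed program) for each suspicious sudo entry."""
    findings = []
    for line in lines:
        m = SUDO_RE.search(line)
        if m:
            prog = tar_exec_action(m["cmd"])
            if prog is not None:
                findings.append((m["user"], m["runas"], prog))
    return findings

if __name__ == "__main__":
    for user, runas, prog in scan(SAMPLE_LOG):
        print(f"ALERT: {user} ran tar as {runas} with checkpoint exec of {prog}")
```

A hit means the sudoers rule for tar accepts arbitrary arguments. The durable fix is to remove that rule or replace it with a root-owned wrapper script that takes no caller-controlled options.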
