Bebop – Try Hack Me

Hello guys. I had a few weeks off the blog because i studied for eCPPT, took the exam, and i’m waiting right now for a feedback(if i passed or not).

This is a 5 minutes box. That’s how much it would take you to get root on it.

Let’s deploy the machine, and give it a scan. I also did a full range port scan just to be sure i don’t miss anything.

NMap Scan

I tried to connect to telnet on port 23, using the login user pilot (which is also the codename we were given) and it successfully prompts a low privileged user shell as can be seen in the next image.

Successful login

We read the user flag, and proceed to privilege escalation. Enumerating the system, one of the first commands i try is sudo -l to see if i can run any service or other files as another user (usually hoping to be able to run it as root) and boom, we can run a file called busybox as root.

Privilege escalation

As you can see in the image above, we were able to read the root flag.

As i said, this is a 5 minutes box. I’ll also start posting on the blog more frequently since i finished the exam and freed my time.