[THM] Bounty Hacker

The box was created by Sevuhl for Try Hack Me. You can access the room by clicking here.

Start with a NMap Scan.

Initial scan

Because anonymous access is enabled on the FTP service we could check out what we can find there. Connecting to FTP we have the possibility of downloading two files. One contains something that looks like a password list and the other some notes.

Files content

We might have a username. Let’s try to bruteforce ssh using what we consider to be the password list.

Bruteforcing SSH

It seems we have gained foothold to the target system. Login and start enumerating the system.

Logging in and enumerating

Using GTFOBins we can do the privilege escalation.

Priv Esc