TryHackMe: Library CTF Walkthrough
Hello Readers! Today's walk through the Library CTF machine from TryHackMe . The room is simple and fun, it contained basic penetration testing and privilege escalation. The main goal of this room is to get two flags from user.txt and root.txt.
First thing that we always have to do is connect your machine with tryhackme network through VPN.
Enumeration And Findings
Let us start our enumeration as usual with nmap.
As the result of the scan, we have got two ports open and they are 22/TCP SSH and 80/TCP HTTP.
Let’s check the HTTP service with browser.
I didn’t get what I was looking for but as I have an eye on blog author or posted person’s name.
As you can see from the above nmap scan screenshot, as per the scan result, we found /robots.txt directory.
When I checked the directory /robots.txt in browser, I got myself a hint to look into rockyou.txt.
Here I am using nmap for brute force user credentials.
nmap -p 22 --script ssh-brute --script-arg userdb=sshuser.txt,passdb=/usr/share/wordlist/rockyou.txt <IP>
Here, I got the possible username list in sshuser.txt and a hint to check with the password. As per the scan result, there is another service open and it is SSH.
And I found the password and valid user for ssh login.
Wow, we got the password let’s login to the system through ssh with the credentials.
I got the shell as normal user and we have the flag of user.txt
I need to logged in root user to get the flag of root.txt. By typing sudo -l, you can see that we can run the bak.py file at the path /home/meliodas.
But by running it, we just get a Permission denied error..
So I replace and edit some details in bak.py
Here I backed up the bak.py for future if my code is not work so we can reverse this file
Finally, I got the root access to the system. Let’s check for root.txt file.
Found both the flags and completed the Library CTF room.
Submit he both flag and BOOM!
Thanks for reading and I hope you liked this blog.