TryHackMe — Brooklyn Nine Nine WriteUp/Walkthrough
Easy enough for beginners Description and walkthrough of TryHackMe’s Brooklyn Nine Nine room, complete with solutions. You can find the room here.
The Contents of the Room
- Task 1: User flag
- Task 2: Root flag
First, let’s use Nmap on the assigned IP address to discover that there are three open ports: ssh, http, and ftp.
Let’s connect to the ftp with anonymous and see if we find any files.
A file called note_to_jake.txt is located.
We extracted the file note_to_jake.txt using get command.
We open the file note_tojake.txt using cat command and see the detail inside the file which will help us in further investigation.
From this we get the detail the username is Jake.
Now we got some hint so let's try to brute force the password with hydra and the rock you wordlist with the below command
sudo hydra -l jake -P /usr/share/wordlists/rockyou.txt $IP ssh -t 4 -f
Now we find the password lets login in ssh. And we find the User Flag
Using the cat command we can see the user text.
Answer 1: ee11cbb19052e40b07aac0ca060c23ee
Task 1 is completed and we starting to work on Task 2.
Let’s try privilege escalation now. To find any binaries we can run as sudo, run the command sudo -l first.
We find less, let’s search for it on gtfobins.
Let’s run the command. After that we get the access in root and we find the root flag.
Answer 2: 63a9f0ea7bb98050796b649e85481845