TryHackMe: Bebop

Bebop is an easy machine from TryHackMe that emulates a drone. In it we will exploit a telnet service without password and the execution of busybox as super user.

As usual in TryHackMe, we must connect to the VPN or use the AttackBox. I will choose the VPN. We press the Start Machine button, and a minute after, they show us the IP address. Now, we proceed to do the initial recognition with Nmap:

nmap -p- -sV -Pn $IP

The -p parameter with the hyphen indicates to scan all ports, the -sV parameter to fingerprint the versions used, and -Pn to scan the machine even if it does not respond to ping.

We can see that the machine has few services open, only SSH and telnet. Connecting to the telnet with the username the room gives us, we can get a low privilege shell.

Now, it’s time to escalate privileges. We find that our user can execute busybox with root privileges.

Allowing busybox as sudo is a known way to escalate privileges since we can execute a lot of other binaries as sudo.

One of the most dangerous is sh, which allows us to spawn a shell as root.

I hope you enjoyed my article and found my content useful. See you in the next article.