Tryhackme Strike — Writeup

Hi folks, today I am going to share writeup of Strike, my first machine created on Tryhackme platform. Strike is an extremely easy machine and intermediate hackers will find it very easy to solve, this is the reason I named it 10 min CTF :)

So without wasting more time, let’s jump right into hacking.

Initial Recon

As usual, I scanned all ports with Nmap.

Command: nmap -p- — open <IP>

We notice that there are 2 open ports: 22, 80. SSH service is running on port 22 and HTTP service is running on port 80.

After opening web server with URL: http://<IP>/

We see that is a basic web server with nothing but a simple line. When viewing the source code of the website. We do see something interesting in the comments though.

Gaining Foothold

Hmm.. “common” word catches us immediately. Let’s try to brute force the directories of this web server with common.txt wordlist from Seclists.

So after few minutes, it showed that ‘message’ directory was showing 200 response code.

After seeing message directory, we see that there is another file named ‘message.txt’

That file contained some base64 encoded text which when decoded, showed some credentials. Didn’t get trolled :)

After attempting to do SSH with trolled user, we see that we are now logged in as trolled user.

Looking at the home directory of the user, we have our user flag.

Privilege Escalation

So for priveasc, you can run scripts like linpeas (for Linux) and winpeas (for Windows). But I always recommend to check some clues in the home directory of current user first.

When analysing all the files in home directory of trolled user, we find credentials of another user in ‘.bashrc’ file. See I told you it was easy :)

Let’s try to change our user to newly found creds. Yup, it logged in. Now, let’s check the sudo permissions of this user.

Woah, user strike can run all commands on the system with sudo privileges. Let’s try to change user to root.

And Voila! we are now root. Going in the /root directory we see our final flag floating there and BOOM, you have pwned Strike.

A lot of you guys might be thinking that this is such an easy box. But it is just my first machine I have created. So I wanted my box to beginner-friendly. So all of the folks who are just getting started in Cyber security and CTF solving, this box is for you.

If you are still reading this, thankyou so much for keeping up. It gives me so much motivation. If you find any problems in the box, kindly reach out to me Adnan Ullah Khan (ByteSec) on Twitter.