Ice


Last updated 3 years ago


Recon

Let's run an nmap scan to find open ports and services.

The hostname is Dark-PC, as we can see in the nmap scan.

Gain Access

The type of vulnerability can be found on CVE Details

We will be using Metasploit to gain access to the machine, so let's start Metasploit.

Let's search for the vulnerability and set the right options.

Now let's run the exploit.

We have a shell on the machine

Escalate

To find out who we are on the machine and information related to the machine, we can use the sysinfo command.

Let's run the module that will give us exploits we can use to escalate to a higher-privileged user on the machine.

Now let's background this session using the command "background" and list the active sessions. Then let's select the first exploit we just found and set the session number to the session we just backgrounded using the command "set sessions 1". Now we have to set the right options and run the exploit. Once the command has been run, we can access the machine using the command "sessions 1".

Now that we are on the machine as a higher-privileged user, we can check this by using the command "getprivs".

Looting

Let's now follow the steps in the room.

Post-Exploitation

With the help command we can answer the questions in this task.

Specifying port 8000 as mentioned in the instructions in the room