TryHackMe LookUp

Posted Jan 25, 2025 Updated Jan 26, 2025

By

1 min read

#LookUp

Test your enumeration skills on this boot-to-root machine.

###Initial recon

cant find anything intersting

inorder to load the site add lookup.thm to /etc/hosts

<ip> lookup.thm

So we can load the site

run a directory scan

cant find anything so try some common credentials

the replay says wrong password so i found one user name which is ‘admin’

next is to find a password

i used hydra and found out the password password123

when we try admin username and the given password it wont work so there will be some other username is there try to find it with the same password. i used ffuf to find the username

jose:password123 we got the credentials to login

when we try to login is shows another domin name

add this to etc/hosts

search for the exploit associated with it

Better to use msfconsole to do this

exploit it

find the permissions

use this to get the list of passwords for the user think

bruteforce ssh with this password

got the username and password get the userflag

use sudo -l find if ther is any suid bits set

we can use this to read the root flag

##Thank You

This post is licensed under CC BY 4.0 by the author.