TryHackMe | Mr. Robot walkthrough

Based on the Mr. Robot show

This walkthrough is written as a part of Master certificate in cybersecurity (Red Team) that I am pursuing from HackeU.

Reconnaissance

Starting with a nmap scan

nmap -sS -sV -A <IP>

Open ports:

22 : SSH

80 : http

443 : https

Checking the website on port 80

Checking robots.txt

  1. Found a dictionary fsocity.dic
  2. first key _key-1-of-3.txt

Using dirbuster to scan the IP address

Checking admin page

Now intercepting the login request in burpsuite and using the dic file we found to brute force it

Capture request in burp suite and forward request to intruder tab.

Select sniper attack type, Select the username and password as parameter

Load fsocity-1.dic dictionary as data input for username, start the attack.

Found user name, now find password with same dictionary file

Password found

Password found

Login with found username and password to wp-login page as the site is based on wordpress

Search for page where php-reverse shell can be uploaded to get reverse shell.

Found 404.php > updated php-reverse-shell here

Start listener nc on kali machine, and browse the updated template page in browser.

nc -nlvp 4444

Try to spawn shell:

python -c ‘import pty; pty.spawn(“/bin/sh”)’ python -c ‘import pty; pty.spawn(“/bin/sh”)’

Found 2nd flag!

su robot

Escalate privileges and search for 3rd flag!

Search for users privilege permission:

find / -perm /4000 -type f 2>/tmp/2

Got root access

nmap — — interactive

Found 3rd flag

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Prateek Parashar

Computer Science graduate who is passionate about CyberSecurity. An IoT and Crypto enthusiast.