TryHackMe | Mr. Robot walkthrough

Based on the Mr. Robot show

This walkthrough is written as part of the Master certificate in cybersecurity (Red Team) that I am pursuing from HackeU.

Reconnaissance

Starting with an nmap scan:

nmap -sS -sV -A <IP>

Open ports:

22 : SSH
80 : HTTP
443 : HTTPS

Checking the website on port 80

Checking robots.txt

  1. Found a dictionary, fsocity.dic
  2. First key, _key-1-of-3.txt

Using DirBuster to scan the IP address

Checking the admin page

Now intercept the login request in Burp Suite and use the dictionary file we found to brute-force it.

Capture the request in Burp Suite and send it to the Intruder tab.

Select the Sniper attack type, then select the username and password as parameters.

Load the fsocity-1.dic dictionary as the data input for the username and start the attack.

Found the username; now find the password with the same dictionary file.

Password found

Log in at the wp-login page with the username and password found, as the site is based on WordPress.

Search for a page where php-reverse-shell can be uploaded to get a reverse shell.

Found 404.php; updated it with php-reverse-shell.

Start an nc listener on the Kali machine and browse to the updated template page in the browser.

nc -nlvp 4444

Try to spawn a shell:

python -c 'import pty; pty.spawn("/bin/sh")'

Found 2nd flag!

su robot

Escalate privileges and search for the 3rd flag!

Search for files with the SUID bit set:

find / -perm /4000 -type f 2>/tmp/2

Got root access

nmap --interactive

Found 3rd flag
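
As an added example (not part of the original walkthrough), here is the defensive counterpart of the SUID search above: the same find output is compared against a baseline of expected SUID files, so a stray binary such as nmap stands out. The baseline list, the sample lines and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the walkthrough): triage SUID files against a baseline.

# Assumption: SUID files expected on a clean image of this host, space-separated.
# Build the real list from a known-good install of the same distribution.
SUID_BASELINE='/bin/mount /bin/ping /bin/su /bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo'

# Constructed sample in "owner mode path" form, as produced by GNU find with
#   find / -xdev -perm /4000 -type f -printf '%u %m %p\n' 2>/dev/null
# The nmap and at paths are illustrative, not taken from the target machine.
SAMPLE_FIND_OUTPUT='root 4755 /bin/ping
root 4755 /bin/su
root 4755 /usr/bin/passwd
root 4755 /usr/bin/sudo
root 4755 /usr/local/bin/nmap
daemon 4755 /usr/bin/at'

# classify_suid: read "owner mode path" lines on stdin and print every file
# that is not in the baseline. Root-owned files are HIGH because they run with
# full privileges; files owned by other accounts are marked REVIEW.
classify_suid() {
    awk -v baseline="$SUID_BASELINE" '
        BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        NF >= 3 {
            path = $0
            sub(/^[^ ]+ +[^ ]+ +/, "", path)   # keep paths that contain spaces
            if (path in ok) next
            sev = ($1 == "root") ? "HIGH" : "REVIEW"
            print sev, $1, $2, path
        }'
}

# count_high: number of HIGH findings in the stdin input (0 when the host is clean).
count_high() {
    classify_suid | awk '/^HIGH / { n++ } END { print n + 0 }'
}

# Run against the constructed sample; on a real host, pipe the find command in.
printf '%s\n' "$SAMPLE_FIND_OUTPUT" | classify_suid
```

A HIGH finding is resolved by removing the bit with chmod u-s on that path, or by uninstalling the binary if nothing on the host needs it.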

Prateek Parashar


Computer Science graduate who is passionate about CyberSecurity. An IoT and Crypto enthusiast.
