Brooklynn 99

FTP Anon - Stegnography - Password Cracking - GTFObins

1st Method

  • There were 3 ports open - 21 , 22, and 80

  • FTP anonymous access was allowed - checked ftp server - found note_to_jake.txt

  • The text file revealed a user called jake and told his password was too weak - Ran hydra on ssh with the user jake and rockyou.txt

  • Found the ssh password and got a shell !

2nd Method

  • Enumerating port 80 - had a comment in its source code saying

Have you heard of stegnography ?

  • Immediately downloaded the /brooklynn99.jpg - Ran steghide --extract -sf brooklynn99.jpg

  • Asked for a passphrase - Ran stegcracker / stegseek to bruteforce the password - Found !

  • Extracted the jpg using steghide - Gave us the user Holts ssh password - Got a shell

Privilege Escalation

  • 1st method user will have a binary running as root - /usr/bin/less

  • 2nd method user will have a binary running as root - /usr/bin/nano

  • For Both of them you know what to do !

PreviousIgniteNextc4ptur3th3fl4g

Last updated