
TryHackMe: CC Pentesting | Writeup | by Ashraful Alim | System Weakness

https://systemweakness.com/tryhackme-cc-pentesting-writeup-5c042c8d03e0


Published in System Weakness

Ashraful Alim

Jan 8 · 5 min read

TryHackMe: CC Pentesting | Writeup

Welcome.

The CC Pentesting room from TryHackMe is a kind of crash course because it covers various
topics related to pentesting. Though it is a very long room, I have included all the
solutions here.

There are 7 sections for this room.

1. Section 1: Network enumeration


2. Section 2: Web enumeration

3. Section 3: System Hacking

4. Section 4: Hash cracking

5. Section 5: Web Hacking (SQLi)

6. Section 6: More network enumeration

7. Section 7: Final Challenge

Below I am going to describe each section separately.

Section 1
Network Enumeration tools:

• For Network Enumeration, nmap is a very effective tool

• To answer the questions in this task, the nmap cheat sheet is enough: Link

Task 2 Solution

• Netcat is called the Swiss army knife because it can do so many things for network
enumeration and hacking

• To answer questions about netcat, this cheat sheet is handy.

Task 3 Solution

Section 2
Web Enumeration:

• For web enumeration, especially brute force, gobuster is a useful tool

• To answer the basic questions about gobuster, the cheat sheet is useful: Link

• Command: gobuster dir -u http://[IP] -w [wordlist] -t 64 -x xxa

• Wordlist for this challenge: /usr/share/wordlists/dirb/common.txt

Task 4 Solution
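
From the defender's side, a directory brute force like the gobuster run above shows up in the web server's access log as one client receiving mostly 404 responses. The script below is an added example, not part of the original writeup; the function names, default thresholds and log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag clients whose traffic looks like directory brute forcing.
# Reads "combined" format access log lines on stdin and prints, per flagged
# client: <ip> <total requests> <404 responses> <404 share>

detect_dir_bruteforce() {
  # Hypothetical defaults: at least 5 misses and at least 80% of requests missing.
  awk -v min404="${1:-5}" -v minratio="${2:-80}" '
    {
      # Split on double quotes so a space inside the URL cannot shift fields:
      # q[1] = client and timestamp, q[2] = request line, q[3] = " status bytes "
      if (split($0, q, "\"") < 3) next        # skip malformed lines
      split(q[1], pre, " ");  ip = pre[1]
      split(q[3], post, " "); status = post[1]
      total[ip]++
      if (status == 404) missing[ip]++
    }
    END {
      for (ip in total) {
        miss = missing[ip] + 0
        ratio = int(miss * 100 / total[ip])
        if (miss >= min404 && ratio >= minratio)
          printf "%s %d %d %d%%\n", ip, total[ip], miss, ratio
      }
    }' | sort
}

# Constructed sample log: one ordinary visitor and one client walking a wordlist.
sample_log() {
  cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 10918 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 274 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 10918 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /admin HTTP/1.1" 404 274 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /backup HTTP/1.1" 404 274 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi HTTP/1.1" 404 274 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /login HTTP/1.1" 404 274 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:01:01 +0000] "GET /secret HTTP/1.1" 301 312 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:01:01 +0000] "GET /test HTTP/1.1" 404 274 "-" "-"
EOF
}

sample_log | detect_dir_bruteforce
```

With `-t 64` the requests arrive within seconds of each other, so the same counts taken over a short time window separate a scan from a visitor who follows a few dead links.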

• Nikto is a web scanner tool with various functionality

• Basic usage of this tool can be found in this wiki

• Another useful cheat sheet: Link

• Command to list plugins: nikto --list-plugins


Nikto plugin for Apache

Task 5 Solution

Section 3

System Hacking:

• Metasploit is a multipurpose tool for hacking

• The SANS cheat sheet describes the options for Metasploit well: Link

“advanced” option shows more info in Metasploit

Task 7 Solution

• To select any module, we can use either the serial number (here 0) or the full
pathname of that module

• Using basic commands from the cheat sheet, we can select and use any module.
Picture below:

Using EternalBlue

Task 8 Solution

• Meterpreter basics: link here

• Another useful cheat sheet of metasploit: https://www.stationx.net/metasploit-cheat-sheet/

Task 9 Solution

• Final walkthrough of this section (picture below)

Metasploit target options setting

exploiting the target and searching information

Section 4

• Online hash cracker: https://crackstation.net/


• hash example list link. The mode number is useful for cracking.

• hashcat cheat sheet to answer the basic questions: Link here

hash cracking online

Task 13 Solution

• John the Ripper is another great tool for cracking. Here is the cheat sheet.

• To crack, save the hash in a file first

• Command: john --show --format=[type] [hash file]


Task 14 Solution

Section 5
• sqlmap is an automated SQL injection detection and exploitation tool

• Useful cheatsheet: Link here

Task 16 Solution

• sqlmap will auto detect and exploit the challenge site.

• Command: sqlmap -u http://[IP] --forms --dump

• Simply answering Yes/No to the prompts will auto-exploit and show the database

SQL database dumped auto

Task 18 Solution

Section 6
• smbmap is a great tool for SMB enumeration.

• The official documentation is enough to answer the basic questions. Link here

Task 20 Solution

• Help menu for smbmap and smbclient shows enough basic info to run the tools

• Command: smbclient -h

Task 21 Solution

Section 7
This is a CTF challenge. Below I am describing the process to solve it.

Enumeration:

The target IP shows the default Apache website. As there is a web server, web enumeration
(directory brute force) is needed.

Command: gobuster dir -u http://[IP] -w [wordlist] -t 64

• I have used a medium-size directory list. It took some time to finish

• The scan only showed the /secret directory, but the page is blank

• I need to scan this /secret directory again because there is no other directory/info
available.

• Brute forcing again shows /secret/secret.txt, and it reveals a hash

Final challenge hash

Exploitation:

• Online hash cracker shows the hash value is: nyan

• SSH attempt is successful with this username and password. So I have initial access

SSH connection

• Simple listing shows the user flag

user.txt

• If I list the sudo access (sudo -l), it says that nyan can run /bin/su without any password

• With this sudo access, I can list the root directory and read the root flag

root flag
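
The privilege escalation in this challenge comes from a sudoers rule that lets a low-privileged account run /bin/su without a password. The audit script below is an added example, not part of the original writeup; it lists such rules so they can be removed or tightened, and its function names, binary shortlist and sudoers lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list sudoers rules that grant a root shell without a password.
# Reads sudoers-style lines on stdin; prints "<user> NOPASSWD <binary>" per hit.

audit_sudoers() {
  awk '
    /^[ \t]*#/        { next }   # comments
    /^[ \t]*Defaults/ { next }   # settings, not privilege rules
    /NOPASSWD:/ {
      who = $1
      cmds = $0
      sub(/.*NOPASSWD:[ \t]*/, "", cmds)      # keep only the command list
      n = split(cmds, c, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        split(c[i], w, " ")                   # w[1] = binary, rest = arguments
        # Hypothetical shortlist: ALL, su and common shells are treated as
        # equivalent to full root access.
        if (w[1] == "ALL" || w[1] ~ /\/(su|sh|bash|dash|zsh)$/)
          printf "%s NOPASSWD %s\n", who, w[1]
      }
    }'
}

# Constructed sample; the nyan rule mirrors what sudo -l reported in the writeup.
sample_sudoers() {
  cat <<'EOF'
# constructed sudoers fragment
Defaults env_reset
root   ALL=(ALL:ALL) ALL
nyan   ALL=(root) NOPASSWD: /bin/su
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, /bin/bash
backup ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
}

sample_sudoers | audit_sudoers
```

On a live host the input would be the real policy, for instance `sudo cat /etc/sudoers /etc/sudoers.d/* | audit_sudoers`. Cmnd_Alias definitions and backslash line continuations are not expanded, so rules that use them need a manual look.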

If you find the write up useful, please share — Sharing is Caring ❤
