https://systemweakness.com/tryhackme-cc-pentesting-writeup-5c042c8d03e0
Welcome.
The CC Pentesting room from TryHackMe is a kind of crash course because it covers various
topics related to pentesting. Though it is a very long room, I have included all the
solutions here.
1 of 20 05/11/2022, 8:57 AM
TryHackMe: CC Pentesting | Writeup | by Ashraful Alim | System Weakness
Section 1
Network Enumeration tools:
• To answer the question in this task, the nmap cheat sheet is enough: Link
Task 2 Solution
• Netcat is called the Swiss army knife because it can do so many things for network
enumeration and hacking
Task 3 Solution
Section 2
Web Enumeration:
Task 4 Solution
Task 5 Solution
Section 3
System Hacking:
• The SANS cheat sheet describes the options for Metasploit well: Link
Task 7 Solution
• To select any module, we can use either the serial number (here 0) or the full
pathname of that module
• Using basic commands from the cheat sheet, we can select and use any module.
Picture below:
Using EternalBlue
Task 8 Solution
Task 9 Solution
Section 4
Task 13 Solution
• John the Ripper is another great tool for cracking. Here is the cheat sheet.
Task 14 Solution
Section 5
• sqlmap is an automated SQL injection detection and exploitation tool
Task 16 Solution
Task 18 Solution
Section 6
• smbmap is a great tool for SMB enumeration.
Task 20 Solution
• The help menus for smbmap and smbclient show enough basic info to run the tools
• Command: smbclient -h
Task 21 Solution
Section 7
This is a CTF challenge. Below I am describing the process to solve it.
Enumeration:
The target IP shows the default Apache website. Since there is a web server, web enumeration
(directory brute force) is needed.
• I have used a medium-size directory list. It took some time to finish
• I need to scan this /secret directory again because there is no other directory/info
available.
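Seen from the defender's side, a directory brute force like the one above shows up in the Apache access log as one client requesting many distinct paths that almost all return 404. The following is an added example, not part of the original writeup; the log lines, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format (not taken from the room).
SAMPLE_LOG = """\
10.10.0.5 - - [05/Nov/2022:08:50:01 +0000] "GET /admin HTTP/1.1" 404 274 "-" "constructed-scanner"
10.10.0.5 - - [05/Nov/2022:08:50:01 +0000] "GET /backup HTTP/1.1" 404 274 "-" "constructed-scanner"
10.10.0.9 - - [05/Nov/2022:08:50:02 +0000] "GET / HTTP/1.1" 200 10918 "-" "constructed-browser"
10.10.0.5 - - [05/Nov/2022:08:50:02 +0000] "GET /login HTTP/1.1" 404 274 "-" "constructed-scanner"
10.10.0.5 - - [05/Nov/2022:08:50:02 +0000] "GET /secret HTTP/1.1" 301 310 "-" "constructed-scanner"
10.10.0.9 - - [05/Nov/2022:08:50:03 +0000] "GET /favicon.ico HTTP/1.1" 404 274 "-" "constructed-browser"
10.10.0.5 - - [05/Nov/2022:08:50:03 +0000] "GET /test HTTP/1.1" 404 274 "-" "constructed-scanner"
10.10.0.5 - - [05/Nov/2022:08:50:03 +0000] "GET /uploads HTTP/1.1" 404 274 "-" "constructed-scanner"
""".splitlines()

# Client, timestamp, request line and status of one access-log entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_dir_bruteforce(lines, min_requests=5, min_404_ratio=0.8):
    """Return {ip: stats} for clients whose requests look like path guessing."""
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0, "paths": set(), "hits": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing on them
        s = per_ip[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        if m["status"] == "404":
            s["not_found"] += 1
        elif m["status"] in ("200", "301", "403"):
            s["hits"].append(m["path"])  # paths the client learned exist
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["not_found"] / s["total"]
        many_paths = len(s["paths"]) >= min_requests
        if s["total"] >= min_requests and many_paths and ratio >= min_404_ratio:
            flagged[ip] = {"requests": s["total"], "ratio_404": round(ratio, 2),
                           "discovered": s["hits"]}
    return flagged

if __name__ == "__main__":
    print(find_dir_bruteforce(SAMPLE_LOG))
```

The `discovered` list is the part worth triaging first: it names the paths the scanning client found, such as `/secret` here.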
Exploitation:
• SSH attempt is successful with this username and password. So I have initial access
SSH connection
user.txt
• If I list the sudo access (sudo -l), it says that nyan can run /bin/su without any password
• With this sudo access, I can list root directory and read the root flag
root flag
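The sudo rule that ends this box is the kind of entry a host audit should catch: a passwordless rule for a binary that simply hands over a root shell. The following is an added example, not part of the original writeup, that parses `sudo -l` output and flags such rules; the sample output, the host name `examplehost` and the `SHELL_EQUIVALENT` list are constructed assumptions, and only `nyan` and `/bin/su` come from the page.

```python
import os
import re

# Constructed `sudo -l` output; only "nyan" and "/bin/su" come from the writeup.
SAMPLE_SUDO_L = """\
Matching Defaults entries for nyan on examplehost:
    env_reset, mail_badpass

User nyan may run the following commands on examplehost:
    (root) NOPASSWD: /bin/su
    (root) /usr/bin/systemctl status apache2
    (www-data) NOPASSWD: /bin/bash
"""

# Binaries that yield a shell as the target user (illustrative, not exhaustive).
SHELL_EQUIVALENT = {"su", "sh", "bash", "dash", "zsh", "env", "vi", "vim", "find"}

RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAG_RE = re.compile(r"^(?P<tag>[A-Z_]+):\s*")

def audit_sudo_l(output):
    """Return findings for rules that amount to a root shell via sudo."""
    findings = []
    for line in output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # headers and Defaults lines carry no rule
        runas_user = m["runas"].split(":")[0].strip()
        rest, tags = m["rest"], set()
        while (t := TAG_RE.match(rest)):  # strip leading tags such as NOPASSWD:
            tags.add(t["tag"])
            rest = rest[t.end():]
        if runas_user not in ("root", "ALL"):
            continue  # only rules that run as root are in scope here
        for cmd in filter(None, (c.strip() for c in rest.split(","))):
            binary = cmd.split()[0]
            if binary == "ALL" or os.path.basename(binary) in SHELL_EQUIVALENT:
                nopasswd = "NOPASSWD" in tags
                findings.append({"command": cmd, "nopasswd": nopasswd,
                                 "severity": "critical" if nopasswd else "high"})
    return findings

if __name__ == "__main__":
    for finding in audit_sudo_l(SAMPLE_SUDO_L):
        print(finding)
```

A rule flagged as critical should be removed or narrowed to a specific command with fixed arguments, since any account that holds it is effectively root.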