*Nerdherd (THM)
TryHackMe – Nerdherd Write-Up
topics: Web application security, Linux Privilege Escalation
Enumeration
Local Privilege Escalation
Root Privilege Escalation
new tools:
this room involves a technique that I've not yet learned (or is on the OSCP exam) so I'll have to revisit
Enumeration
initial nmap scan
.././autonmap.sh $ip Basic
FTP
ftp $ip
explore .jokesonyou and youfoundme.png
SMB
smbclient -L //$ip/ -N
have two unique shares but no printers were found
want to guess that, because the room is themed around the "Chuck" TV show, one of the usernames will be that of the titular character.
enum4linux $ip
we see a user chuck is confirmed to have an account. from the scan we also see users nobody (local SMB account) and ftpuser (noted as local UNIX account) as well as some password information
reset chuck's or nobody's password?
might have to create a custom wordlist or just bruteforce in general.
Waste (1337)
we also get a popup stating that the "hacker" left us something, hinting at a clue in the source code
this info was found from the "jokesonyou" directory so could be another rabbit hole
YouTube page for the song Surfin Bird
Enumeration Results
| Service | Result |
| --- | --- |
| FTP | found rabbit hole & file directing us to port 1337 |
| SMB | found unique shares, 3 usernames, need creds |
| Waste (1337) | pop up with link to song Surfin Bird with message "maybe what you need is here" |
Local Privilege Escalation
Root Privilege Escalation
sudo -l