TommyBoy 1

The first step is to get the IP of our target machine (i.e., TommyBoy1)- The process of doing this is as follows-

Start network scan in your kali terminal with the help of ARP scan or Netdiscover

Command- arp-scan -l

TommyBoy1

In this scan we found the ip 192.168.1.57

Now lets see what is available on this ip

TommyBoy1

It is giving hint to find nick from IT

As we have our target IP we will scan the ports using Nmap Command- nmap 192.168.1.57 -p- -sC

TommyBoy1

As we can see that ssh is open and also we found robots.txt So lets check what we got in robots.txt

TommyBoy1

We found our first flag

TommyBoy1

Now we need 4 more

Let’s see if we found anything in the page source code

TommyBoy1

We have found interesting conversation and yt link Lets see what is there

TommyBoy1

So there is a voice saying – Hey Prehistoric Forest Let’s see if this is a hint or what

And we got a blog page on 192.168.1.57/prehistoricforest

TommyBoy1

And here is the second flag

TommyBoy1

Let’s find other interesting things

TommyBoy1

TommyBoy1

We got an image on /Richard

TommyBoy1

Lets see if we found anything in the img

TommyBoy1

We got encrypted text lets see what inside it And pass is spanky

TommyBoy1

And it says that ftp is opening in every 15 mins as pass word for nickburns is very simple

Lets try ftp with nickburns and pass also as nickburns

TommyBoy1

And we got a readme file and it says there is a subfolder called NickIzL33t somewhere so lets find out

After many tries we tried to found it on 8008 port

TommyBoy1

Here we found a page but says steve jobs can see content that means we have to change the user agent to ios with burp suite

TommyBoy1

After this let’s reload site

TommyBoy1

Now it’s saying to find the .html page so now let’s do it by fuzzing with ffuf

TommyBoy1

We got fallon1 so lets try out

TommyBoy1

And here we got three things let’s check it one by one

TommyBoy1

Third flag

TommyBoy1

 

A hint and a password protected file

So lets generate list of possible passwords with help of hints through crunch

TommyBoy1

Now let’s try to crack the password using fcrackzip And password is bevH00tr$1995

Let’s see what we got

TommyBoy1

And we got bigtommysenior half password and it says that other half is on blog of big tom

So let’s find all the users on that prehistoric blog page with wp-scan

TommyBoy1

Lets now bruteforce it

TommyBoy1

And here we got tom password i.e., tomtom1 Now let’s check out for second part of the password

 

TommyBoy1

And the complete password would be fatguyinalittlecoat1938!! Let’s check it out

TommyBoy1

And here we got the 4th  one

And lets up the site by copying challan.bak to /var/www/html/index.html

TommyBoy1

Now the site is up

And it said last one is in root so we have to privilege escalation

TommyBoy1

Now we will put our reverse shell code on this folder

TommyBoy1

This shell.php has reverse php shell code And by browsing this

http://192.168.1.57:8008/NickIzL33t/P4TCH_4D4MS/uploads/shell.php

And nc -nvlp 8887 on our kali we got the shell and the fifth flag

TommyBoy1

And here is the 5th flag

And it is saying if we combine all the flag data i.e., B34rcl4wsZ4l1nskyTinyHeadEditButtonButtcrack

We can open the loot box So lets open that also

TommyBoy1

 

Kindly read another article:

BRAINPAN: 1 Vuln Hub Machine Walkthrough

SYMFONOS: 5.2 Vuln Hub Machine Walkthrough

 

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Hello
Can we help you?