top of page
  • Kaushal Patel
    • Jul 29, 2020
    • 2 min read

TryHackMe: Library CTF Walkthrough


Introduction

Hello Readers! Today's walk through the Library CTF machine from TryHackMe . The room is simple and fun, it contained basic penetration testing and privilege escalation. The main goal of this room is to get two flags from user.txt and root.txt.


First thing that we always have to do is connect your machine with tryhackme network through VPN.


Enumeration And Findings

Let us start our enumeration as usual with nmap.

nmap <IP>

As the result of the scan, we have got two ports open and they are 22/TCP SSH and 80/TCP HTTP.

Let’s check the HTTP service with browser.


I didn’t get what I was looking for but as I have an eye on blog author or posted person’s name.

As you can see from the above nmap scan screenshot, as per the scan result, we found /robots.txt directory.

When I checked the directory /robots.txt in browser, I got myself a hint to look into rockyou.txt.

Here I am using nmap for brute force user credentials.


nmap -p 22 --script ssh-brute --script-arg userdb=sshuser.txt,passdb=/usr/share/wordlist/rockyou.txt <IP>


Here, I got the possible username list in sshuser.txt and a hint to check with the password. As per the scan result, there is another service open and it is SSH.


sshuser.txt

root

www-data

Anonymous

meliodas

And I found the password and valid user for ssh login.


Wow, we got the password let’s login to the system through ssh with the credentials.

ssh meliodas@<IP>

ls


cat user.txt

I got the shell as normal user and we have the flag of user.txt


Privilege Escalations

I need to logged in root user to get the flag of root.txt. By typing sudo -l, you can see that we can run the bak.py file at the path /home/meliodas.

But by running it, we just get a Permission denied error..



So I replace and edit some details in bak.py

Here I backed up the bak.py for future if my code is not work so we can reverse this file

Finally, I got the root access to the system. Let’s check for root.txt file.

Found both the flags and completed the Library CTF room.

Submit he both flag and BOOM!


Thanks for reading and I hope you liked this blog.

Happy Learning!!!

bottom of page