TryHackme

Chocolate Factory – TryHackMe

Write-up for Tryhackme room name Chocolate Factory.

Difficulty Level – Easy

Start with Nmap scan as usual.

nmap -A -oN initial $IP

FTP login allow anonymous login, so we can log in and check for available files.

download the “gum_room.jpg” and extract the data inside the image.

as name mention content is base64 encoded. to decode this command

cat b64.txt | base64 -d 

looks like it is “/etc/passwd” file.

using john we can easily crack the hash

john --wordlist=/opt/rockyou.txt hash.txt

when we try to login SSH with these credential it won’t work, we need to login in web site using this credential.

when we login to website it let enter commands, using that we can easily get a reverse shell.

when you login you can see couple of files, the important one is key_rev_key. type Stings command to see available strings.

strings key_rev_key

In charlie home directory we will find SSH private and public key, copy private key to local PC and login using SSH.

Privilege Escalation

initial information gather with available tools

using VI we can easily escalate you can view methods in here GTFO.

sudo vi -c ':!/bin/sh' /dev/null

EXTRA

for root flag you need to run root.py and enter the Key.

Happy Hacking!!!

Share this post