Lorenzo Bruno

Pyrat

Test your enumeration skills on this boot-to-root machine.

Enumeration

$ nmap -sV -sC <IP>
PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 44:5f:26:67:4b:4a:91:9b:59:7a:95:59:c8:4c:2e:04 (RSA)
|   256 0a:4b:b9:b1:77:d2:48:79:fc:2f:8a:3d:64:3a:ad:94 (ECDSA)
|_  256 d3:3b:97:ea:54:bc:41:4d:03:39:f6:8f:ad:b6:a0:fb (ED25519)
8000/tcp open  http-alt SimpleHTTP/0.6 Python/3.11.2
|_http-open-proxy: Proxy might be redirecting requests
|_http-server-header: SimpleHTTP/0.6 Python/3.11.2
| fingerprint-strings: 
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, JavaRMI, LANDesk-RC, NotesRPC, Socks4, X11Probe, afp, giop: 
|     source code string cannot contain null bytes
|   FourOhFourRequest, LPDString, SIPOptions: 
|     invalid syntax (<string>, line 1)
|   GetRequest: 
|     name 'GET' is not defined
|   HTTPOptions, RTSPRequest: 
|     name 'OPTIONS' is not defined
|   Help: 
|_    name 'HELP' is not defined
|_http-title: Site doesn't have a title (text/html; charset=utf-8).

We can see that a simple web server built with Python is running on the machine. Let's visit the site and see what's there.

Foothold

Privilege escalation


Last updated 3 months ago
