I Hacked Obi Wan Kenobi Today – TryHackMe – Hank Hackerson
Had to hack Obi Wan Kenobi today. 😀
As usual, everything was done on TryHackMe.
This is basically a summary of what I did:
– Nmap: to map out the network and see what ports are open.
—- Found several sensitive ports: 21 (FTP), 22 (SSH), 111 (RPC), 445 (SMB).
—- Nmap scripts were used to enumerate available shares on SMB, as well as some sensitive directories on port 111, which was running rpcbind.
– SMBClient and SMBGet to find files in the smb shares and download them onto the local machine.
– In the sensitive directory, we found a log file that had a lot of sensitive information including a username (Kenobi) and an associated security key.
– Then I used searchsploit to find exploits relevant to the FTP version that was running.
– That exploit was then used to mount the share directory and download the log file which contained the security key for Kenobi.
– SSH into Kenobi’s desktop using the security key.
– Once in Kenobi’s machine, ran a basic search for all files that had SUID permissions.
– Several were found and one was usable to gain root access.
– Got root access! Muahahaha
Video Agenda:
01:10 The Tasks At Hand
09:19 TryHackMe Discount Link
09:52 Finding Open Ports (Nmap)
06:44 Enumerating Samba for Shares
26:21 Gain Initial Access With ProFTPd
39:03 Privilege Escalation / PATH Variable Manipulation
52:51 Review
by Hank Hackerson