TryHackMe|GamingServer WriteUp\Walkthrough (English)

Gaming Server

Room Link: https://tryhackme.com/r/room/gamingserver

================================================================

• sudo nmap -vv IP you have two ports open 80 and 22. Doing gobuster you found an interesting folder /secret. This folder is an index of, there is a file called secretKey and it contains an encrypted private RSA key. Copy this key and save it in a file keyEncrypted and change the permissions to 400.
• The home page of the website doesn’t have anything important to it, it is just a lorem ipsum text. But in the source code, there is a hint, there is a user called john.

• Now that we know the username, we need to decrypt the key ssh2john keyEncrypted > key then john key and you will get the password for the key. Login to the machine ssh john@IP -i key
• Once you are in the machine you will find the user flag in the home directory of john ✨.
• Upload linpeas to the victims /tmp directory and chmod +x linpeas.sh then run it.

As you see you have 95% chance of Privilege Escalation by leveraging lxd. The steps are explained in details in the challenge HA Joker on this blog.

Once you have the root shell cd /mnt/root/root and you will find the root flag ✨.