Library CTF Walkthrough

Akarsh K N

4 min readMay 24, 2021

Hello everybody. Hope all are doing great. This will be our third CTF challenge writeup for the day. Hope you enjoy it.

So, let’s begin

Go to the below link and connect to the target machine in tryhackme.

TryHackMe | Library

boot2root machine for FIT and bsides guatemala CTF

tryhackme.com

Target ip : 10.10.35.143

Local machine Ip assigned by ovpn : 10.8.191.167

Lest ping and confirm that our machine is communicating with the target machine.

Command: ping 10.10.35.143

we will begin our basic nmap scan to find out open port and services running.

Command: nmap -sS -sC -sV -A -O 10.10.35.143

From the scan we know that there are two ports open.

. port 22/ssh

. Port 80/http

As port 80/http is open we will try the below url.

URL : HTTP://10.10.35.143

A website was loaded. After going through website, I found an user named meliodas.

I did directory scanning using gobuster.

Command : gobuster dir -u http://10.10.35.143 -t 100 -e -w /usr/share/wordlists/dirb/common.txt

/robots.txt and /images found intresting.

On further adding it to current url and checking, we got an hint called rockyou. This indicated me to crack the password of meliodas using rockyou wordlist.

These images did not reveal anything.

I used hydra to crack the password.

Command : hydra -l meliodas -P /usr/share/wordlists/rockyou.txt 10.10.35.143 -t 60 ssh

We found the password of meliodas user.

User name: meliodas

Password : iloveyou1

The other port open was 22/ssh, so we will try to ssh access using these credentials.

Command : ssh meliodas@10.10.35.143

Hence we found the user flag in user.txt file.

Now we should elevate our privileges, so we will try from the basic enumeration. We will use the command to know what could be executed with root previleges

Command : sudo -l