Today's problem is: https://tryhackme.com/room/wonderland

First, let's scan for open ports and services using Nmap:

[Image: Nmap scan results]

Next, we explore the HTTP service. The main webpage asks us to follow the "white rabbit".

[Image: Main webpage]

As there is no further hint, we perform directory enumeration using "Gobuster", which reveals a directory "/r".

Enumerating the sub-directories of this directory in the same way, we find a new directory "/a".

Now we can observe a pattern: each level adds the next letter in our pursuit of the "rabbit". Following it leads to the final sub-directory, so we open the page below in our browser:

http://<MACHINE_IP>/r/a/b/b/i/t
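From the defender's side, the level-by-level enumeration described above shows up in the web server's access log as one client with many requests that are almost all 404s, plus a handful of hits that reveal what was exposed. The following detection sketch is an added example, not part of the original write-up; the log lines are constructed, the thresholds and function names are assumptions, and the log format is assumed to be Common/Combined Log Format.

```python
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
MIN_REQUESTS = 20      # assumed threshold: ignore clients with little traffic
MIN_404_RATIO = 0.8    # assumed threshold: share of requests answered 404


def build_sample_log():
    """Constructed log: one wordlist-driven client and one ordinary visitor."""
    line = '{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 0 "-" "{ua}"'
    words = ["admin", "backup", "cgi-bin", "css", "dev", "img", "js", "login", "old", "test"]
    rows = []
    for prefix, hit in (("", "/r"), ("/r", "/r/a"), ("/r/a", "/r/a/b")):
        rows += [line.format(ip="10.0.0.5", path=f"{prefix}/{w}", status=404, ua="scanner")
                 for w in words]
        rows.append(line.format(ip="10.0.0.5", path=hit, status=301, ua="scanner"))
    for path, status in (("/", 200), ("/main.css", 200), ("/favicon.ico", 404)):
        rows.append(line.format(ip="10.0.0.9", path=path, status=status, ua="browser"))
    return rows


def find_enumerators(lines):
    """Return per-IP stats for clients whose traffic looks like directory brute-forcing."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "found": []})
    for raw in lines:
        m = LOG_RE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        s = stats[m["ip"]]
        s["total"] += 1
        if m["status"] == "404":
            s["not_found"] += 1
        elif m["path"] not in s["found"]:
            s["found"].append(m["path"])  # non-404 paths: what the client discovered
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["total"]
        if s["total"] >= MIN_REQUESTS and ratio >= MIN_404_RATIO:
            flagged[ip] = {"requests": s["total"], "ratio_404": round(ratio, 2),
                           "found": s["found"]}
    return flagged


if __name__ == "__main__":
    for ip, info in find_enumerators(build_sample_log()).items():
        print(ip, info)
```

The "found" list is the part worth reviewing first: it names the paths the client actually reached, which is where exposed content such as the page at the end of this chain would appear.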

In its page source, we can find the login credentials for the SSH service.

[Image: SSH login credentials]

Now we can log in to the machine and, using our master tool, i.e. "PwnKit", escalate our privileges to root and grab the user and root flags.

For more details, see:

Privilege Escalation

And we can get our user flag from the "/root" directory:

[Image: User flag]

And the root flag from the "/alice" directory:

[Image: Root flag!!]

There is another way to gain privileges to this room, but I will add that later in a future update.

We are done with the machine.

Let's move on to the next one. Till then, have a good day (night too).