Lookup Writeup — TryHackMe. Test your enumeration skills on this…
This title could be clearer and more informative.Try out Clickbait Shieldfor free (5 uses left this month).
A detailed walkthrough of exploiting the TryHackMe Lookup machine, covering network scanning with Nmap, brute-forcing login credentials with Hydra, exploiting an elFinder vulnerability using Metasploit, and escalating privileges through sudo misconfiguration to obtain root access.
Table of contents
OverviewWalkthrough1. Scanning the Target Network2. Adding Target to Hosts File3. Navigating to the Web Application4. Attempting Default Login Credentials5. Brute Forcing Login with Hydra6. Logging In7. Exploring the credential.txt FileGet Death Esther’s stories in your inbox8. Identifying Vulnerabilities9. Privilege Escalation10. Retrieving the Root FlagSort: