THM-Brute It-Full Writeup
3 min readFeb 20, 2025
Learn how to brute, hash cracking and escalate privileges in this box!
We found 2 Ports Is Open
22 SSH
80 HTTP
Now we will search for hidden Directory
We have an interesting Directory (Admin) and it is addicted Let’s see what it contains
We will check the source code and see
Gain Access
We have found a user name now we will use Hydra to find the password
whoami@mint:~/Desktop/THM-Lab/Brute-It$ hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.78.254 http-post-form "/admin/:user=^USER^&pass=^PASS^:username or password invalid" -v
Get Web Flag
We Found RSA Private Key
We can Login to SSH now
Get User Flag
Privilege Escalation
First, we will solve the first question in the last Task
Find a form to escalate your privileges.
What is the root’s password?
To solve this question, you can learn the steps from here
Get Root Flag
Now We will use Cat to Open the root.txt file
