TryHackMe : Basic Pentesting CTF

Nmap :

We see many ports open. Now we will do a gobuster scan :

We have found a hidden directory . Now we will do a enum4linux scan :

We get 2 users from enum4linux now we will stop the scan and go for bruteforce

We will use Hydra to bruteforce the password

We got the password of user jan i.e., armando. Now we will use ssh to login to jan user

We got into the jan account, we get a rsa key in kay account

now we will john to create a hash file

Now we will use john to crack the hash

Now we will login through kay account and we got our last flag.

Thanks !