STUNTMAN MIKE
IP - 10.150.150.166
OS - LINUX
DIFFICULTY - EASY
Nmap scan
We have two open ports.
Let's start enumeration from port 22.
Brute-forcing SSH with hydra gives the password for the user mike:
hydra -l mike -P /usr/share/wordlists/rockyou.txt 10.150.150.166 ssh -t 4
Let's log in to the SSH server using the creds.
We have both FLAG35 and FLAG36.
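From the defending side, a password-guessing run like the hydra one above leaves a burst of sshd "Failed password" lines followed by an "Accepted password" from the same source. The following is an added example, not part of the original write-up: it flags that pattern in syslog-style auth log text. The log lines, hostname, source IPs, threshold, window and the `year` parameter (syslog timestamps carry no year) are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (hostname, PIDs, ports and source IPs are made up).
SAMPLE_LOG = """\
Mar 13 10:00:01 stuntman sshd[901]: Failed password for mike from 192.0.2.10 port 40112 ssh2
Mar 13 10:00:02 stuntman sshd[902]: Failed password for mike from 192.0.2.10 port 40114 ssh2
Mar 13 10:00:03 stuntman sshd[903]: Failed password for mike from 192.0.2.10 port 40116 ssh2
Mar 13 10:00:04 stuntman sshd[904]: Failed password for mike from 192.0.2.10 port 40118 ssh2
Mar 13 10:00:05 stuntman sshd[905]: Failed password for invalid user admin from 192.0.2.77 port 51000 ssh2
Mar 13 10:00:06 stuntman sshd[906]: Failed password for mike from 192.0.2.10 port 40120 ssh2
Mar 13 10:00:09 stuntman sshd[907]: Accepted password for mike from 192.0.2.10 port 40122 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Alert on (ip, user) pairs with >= threshold failures inside the window,
    and mark the alert compromised if a successful login follows from that pair."""
    recent = defaultdict(deque)  # (ip, user) -> timestamps of failures in the window
    flagged = {}                 # (ip, user) -> alert record
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged[key] = {"ip": key[0], "user": key[1],
                                "first_alert": ts, "compromised": False}
        elif key in flagged:  # Accepted password after a flagged burst
            flagged[key]["compromised"] = True
    return list(flagged.values())
```

An alert with `compromised` set means the guessing succeeded, which is the case to escalate; key-only SSH authentication or rate limiting on failed logins removes the exposure this detection watches for.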
Privilege escalation
Running sudo -l
shows that the user mike can run ALL commands with sudo.
So, sudo su
spawned us a root shell.
Thanks.