Lab - Easy

Hello, everyone. Today, we will be exploring the Medium-level Password Attacks Walkthrough lab from the HTB Academy Penetration Testing Course. Our goal is to obtain the contents of flag.txt in /root

Recon

First, let's initiate an IP scan to identify open ports, thereby enabling us to assess available options.

I discovered that ports 21 and 22 are open. Let's attempt a brute force attack; perhaps we can obtain valid credentials.

I discovered valid credentials while brute-forcing FTP. Let's attempt to log in using FTP and explore the available data.

Upon logging in, I discovered a private key named id_rsa. Let's proceed by transferring it to our machine and adjusting its permissions in an attempt to establish an SSH connection.

Upon logging in, I conducted enumeration and successfully discovered the root password. Thank you for your time in reviewing this writeup.