Are you ready to elevate your cybersecurity skills? Check out my latest video where we tackle the Nano Cherry CTF challenge on TryHackMe. This walkthrough is perfect for both beginners and experts looking for a hands-on learning experience in privilege escalation and web exploitation.
In this challenge, we start with network scanning using Nmap, find open ports, and dive deep into user enumeration and privilege escalation techniques. Here’s a brief overview of what you’ll learn:
NanoCherryCTF: https://tryhackme.com/r/room/nanocherryctf
Key Steps in the Nano Cherry CTF Walkthrough:
- Network Scanning:
- Used Nmap to identify open ports (22 and 80).
- Resolved the given IP with cherryontop.thm in the /etc/hosts file.
2. SSH Login:
- Logged in with provided credentials (Username: notsus, Password: dontbeascriptkiddie).
- Discovered writable /etc/hosts using linpeas.sh
3. Process Monitoring:
- Used pspy32 to identify processes run by user bob-boba.
- Created a reverse shell script and used an HTTP server to serve it, capturing the shell with netcat.
4. Subdomain Enumeration:
- Found the subdomain nano.cherryontop.thm using ffuf.
- Logged into the admin portal using credentials from a discovered /users.db file.
5. Vulnerability Exploitation:
- Identified and exploited an IDOR vulnerability on the Ice-Cream Fact page.
- Obtained credentials for user sam-sprinkles and successfully logged in.
6. Final Steps:
- Combined keys to access Chad-cherry’s account and discovered a rootPassword.wav file.
- Decoded the SSTV signal in the file to retrieve the root password.
Each step is explained in detail in the video, so you can follow along and enhance your hacking skills. This CTF is an excellent opportunity to practice real-world cybersecurity scenarios and improve your problem-solving abilities.
Don’t forget to like, comment, and subscribe for more cybersecurity tutorials and walkthroughs!
Stay tuned for more exciting content! 🚀
