Today we will be tackling IDE, an excellent Linux box on the https://tryhackme.com platform. As always we will start with an autorecon scan of the target IP.
From this output it is clear to see ports: 21, 22, 80, and 62337 are open. Let's examine port TCP/21 first. We can see from autorecon’s output that port 21 allows anonymous login (not pictured). Let's connect and see what is there.
From a directory listing, we can see that there are three directories on the FTP port, “.” “..” and “…” The directory “.” denotes the present working directory and “..” denotes the directory “above” the one we are currently viewing. That leaves “…” which can easily be overlooked. Inside the directory “…” we find a file called “-” (not pictured). We can retrieve this file and view its contents with the command:
get -
If you notice when I attempt to cat the recently retrieved file, no output is displayed, this is because “-” is interpreted as a special character by the terminal instead of the filehandle. One simple workaround is to simply rename the file to something more standard.
From there being able to cat the contents is trivial and we are rewarded with two potential usernames, along with the information that the password used is the default.
By navigating to the random high port running on the box we are presented with a login form and the information that this port is running Codiad 2.8.4. Taking the username “John” that we learned from the FTP port we can attempt to try default credentials on this login form. I attempted codiad, root, and password, with password being the correct option
