THM - Pyrat
6 min read · Mar 16, 2025
A writeup for the room Pyrat on TryHackMe
Test your enumeration skills on this boot-to-root machine.
Footprinting
We can start by doing a simple scan with nmap.
nmap -sS MACHINE_IP
There are two open ports: 22 (SSH) and 8000 (HTTP server).
If we browse to the homepage on the web server, we see only the following message.
User
Reverse shell as www-data
Something more basic than HTTP might work here: a plain netcat connection to this port.
If we connect with nc, we get something like a shell, which is easily identified as a Python interpreter.