Try Hack Me: Easy Peasy Walkthrough

this is my walk through Easy Peasy room on try hack me.

there is a common methodology to walk through any CTF challenge:

1. Enumeration
2. Exploitation
3. Privilege Escalation

Outlines

How to deal with decrypted text?

1. try to decrypt it with Cyber Chef
2. if can’t so it’s a hash
3. try to crack the hash with with crack station or hashes
4. search with the hash in google
5. use john to crack the hash.

How to analyse photos?

1. use strings
2. use steghide extract -sf image
3. use exiftool

Enumeration

in this phase we try to discover (open ports, services, and technologies of the target.

we use NMAP to complete this phase.

nmap -sV -Pn 10.10.242.227 -sC -p- -T4 --min-rate 5000

• -Pn: to avoid pinging the target before ping scan.
• -sC: to run basic scripts to enumerate the target.
• -sV: for version scan.
• -p-: to test all ports.
• -T4: to set scan set fast
• — min-rate 5000: to set minimum request per second to 5000.