Tryhackme's Lookup Writeup

In this post we see how to solve the Tryhackme's Lookup Machine

NMAP

We Start Off with a Usual Nmap Scan

nmap -Pn -sVC -T5 -oN lookupscan.txt 10.10.220.220

nmap scan

We find Port 22 and 80 Open , we decide to dig more with nmap scanning

nmap -sV -sC -vvv 10.10.220.220 -p 22,80

service and service version nmap scan

We find that Port 22 is Running SSH (Version OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)

and Port 80 Running http (Apache httpd 2.4.41)

we setup hosts file using

nano /etc/hosts

10.10.220.220 lookup.thm 

Upon Visiting http://lookup.thm on our browser we see a login page

Looking back at our Nmap Scan and Inspecting the Page Source we know one thing is that this page is using POST method or http-post-form .

At this Point i accidentally terminated the machine , and so i was assigned a new IP ,

Tip - Be Sure to change the same in your /etc/hosts file using the following commands

The New IP is 10.10.151.82

nano /etc/hosts 

10.10.151.82 lookup.thm 

Then We decide to Brute Force our way in using Hydra

first we snip our password wordlist into a small chunk as most easy machines on tryhackme have the password in the first head number 15000 , we do so using the following command

Link to Download the usernames_15000_rockyou.txt Below :-

Download usernames_15000_rockyou.txt | LimeWireLimeWire

We get the First set of Credentials with the correct Password :-

login - admin

password - password123

We get the Second set of Valid Credentials with the Correct Username and Password:-

login - jose

password - password123