Watcher Tryhackme Writeup

This is a Writeup of Tryhackme room “Watcher”

Room link: https://tryhackme.com/room/watcher
Note: This room is free

Introduction

Watcher was an eloquently constructed beginner level box designed to help introduce some key concepts and methods that are often seen across various penetration testing platforms. Despite not having any particularly difficult parts, it required some out of the box thinking as well as the ability to effectively analyse and chain together exploitation techniques. It’s a relatively long box, but provides a thoroughly enjoyable learning experience.

Initial Enumeration

Initial nmap scan shows the following ports:
21 vsftpd (up to date)
22 SSH 7.6p1 (up to date)
80 HTTP with Jekyll 4.1.1

Web Server

Running a gobuster on the web server:

gobuster dir -u 10.10.211.47 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .php,.txt