TRYHACKME WILLOW TREE WRITEUP

TryHackMe | Hacking Training

Challenge Link :- https://tryhackme.com/room/willow

After deploying the machine, I first scan the IP address for open ports.

The nmap scan clearly shows that port 80 (HTTP), port 22 (SSH) and port 2049 (NFS) are open. I paste the IP address into the browser and find a large block of hex-encoded data there, which I decode in CyberChef.

After decoding the hex, the first line clearly says that it is a private SSH key, but it is not in its normal form; we have to decode it further to get the private key.

After this I check NFS with the command showmount -e <IP>. It shows that a file called filesafe is being shared. I mount the share and cat the file: it contains the values of the RSA public and private key, n and d.

After googling a lot on how to decode RSA, I found a website, RSA Calculator, and used it to decode the RSA key.
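The chain the two steps above describe (hex blob on the web page, RSA numbers inside it, decryption with the n and d found on the NFS share) is easy to reproduce in a few lines of Python, which also makes clear why leaking n and d is the same as leaking the private key. The code below is an added example, not part of the original writeup or of the room; the primes, the "key" text and the hex blob are all constructed for the demo, and the room's real numbers are not reproduced.

```python
"""
Added example, not part of the original writeup: hex blob -> list of RSA
ciphertext numbers -> decrypt with (n, d) -> private key text, on a
constructed toy key. Every value here is constructed for the demo.
"""
from math import gcd

# Constructed toy primes (Mersenne primes 2^61-1 and 2^89-1). Real SSH keys
# use 2048-bit+ moduli; these are small only so the arithmetic is visible.
P = (1 << 61) - 1
Q = (1 << 89) - 1
E = 65537
CHUNK = 16  # bytes per block: 128 bits, comfortably below n (about 2^150)

# Constructed placeholder key text; the body is not a real key.
SECRET = (
    b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
    b"CONSTRUCTED-DEMO-KEY-BODY-NOT-A-REAL-KEY\n"
    b"-----END OPENSSH PRIVATE KEY-----\n"
)


def make_toy_keypair(p, q, e=E):
    """Return (n, e, d); d is the private exponent, e*d = 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return n, e, d


def encrypt_chunks(plaintext, n, e, chunk=CHUNK):
    """Textbook (unpadded) RSA: c = m^e mod n for each chunk-sized block."""
    blocks = [plaintext[i:i + chunk] for i in range(0, len(plaintext), chunk)]
    return [pow(int.from_bytes(b, "big"), e, n) for b in blocks]


def decrypt_chunks(ciphertexts, n, d):
    """m = c^d mod n. Only n and d are needed, so anyone who can read the
    'filesafe' pair can recover the plaintext. Minimal-length conversion is
    exact for text with no leading NUL bytes, which holds for PEM text."""
    out = bytearray()
    for c in ciphertexts:
        m = pow(c, d, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")
    return bytes(out)


def encode_blob_as_hex(ciphertexts):
    """Mimic the web page: decimal ciphertext numbers, one per line, hex-encoded."""
    return "\n".join(str(c) for c in ciphertexts).encode().hex()


def decode_hex_blob(hex_text):
    """Reverse of the above: hex -> text -> list of integers (the CyberChef step)."""
    text = bytes.fromhex(hex_text.strip()).decode()
    return [int(line) for line in text.splitlines() if line.strip()]


def looks_like_private_key(data):
    """Defender-side check: flag decoded content that carries PEM key markers."""
    return b"PRIVATE KEY-----" in data


def demo():
    """Run the whole chain on the constructed values and return the recovered text."""
    n, e, d = make_toy_keypair(P, Q)
    blob = encode_blob_as_hex(encrypt_chunks(SECRET, n, e))  # what the page exposes
    numbers = decode_hex_blob(blob)                          # CyberChef "From Hex"
    return decrypt_chunks(numbers, n, d)                     # the RSA Calculator step


if __name__ == "__main__":
    recovered = demo()
    print(recovered.decode())
    print("private key marker found:", looks_like_private_key(recovered))
```

The point for a defender is the asymmetry: n is public by design, but d is the whole private key, so a world-readable NFS export holding n and d gives away everything the RSA-encrypted blob was supposed to protect. The looks_like_private_key check is the kind of test a secret scanner runs over decoded web content.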

After getting the private key I try to log in via SSH with it, but it asks for the key's passphrase. Then I understand that we also have to find the password for this key so that we can log in to the system. I use John the Ripper to crack the passphrase and log in.

Once logged in, we check the items in willow's home directory. There is an image there, but we are not able to view it. I tried the scp command to download the image, but that also asks for willow's password. So the one way left to us is to convert the image to base64, decode it in our browser and view it.

After decoding the file we get the user flag. Now I try to find out which commands I can execute as root without a password. There I find the entry /bin/mount /dev/*. After that I go to the /dev directory and find one suspicious file. I try to mount it, and after mounting it and checking the /mnt directory I found the passwords of root and willow.
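The privilege escalation above rests on a single sudoers line: a passwordless rule whose argument is a wildcard, so any mountable file under /dev can be mounted and read. Spotting that pattern in a sudoers file, or in the rules that sudo -l prints, is a quick audit. The script below is an added example, not part of the original writeup or of the room; the sudoers excerpt is constructed for the demo and the room's real sudoers is not reproduced.

```python
"""
Added example, not part of the original writeup: audit sudoers-style rules
for passwordless commands with wildcard arguments (the pattern behind the
'/bin/mount /dev/*' finding). The excerpt below is constructed for the demo.
"""
import os
import re

# user host=(runas) [TAG: ...] command[, command ...]
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:(?:NO)?(?:PASSWD|EXEC|SETENV|MAIL|FOLLOW|INTERCEPT|LOG_INPUT|LOG_OUTPUT):\s*)*)"
    r"(?P<cmds>.+?)\s*$"
)
GLOB_CHARS = set("*?[")

# Constructed excerpt for the demo, not the room's file.
CONSTRUCTED_SUDOERS = """\
# constructed excerpt for the demo
Defaults env_reset
root    ALL=(ALL:ALL) ALL
willow  ALL=(ALL) NOPASSWD: /bin/mount /dev/*
backup  ALL=(root) NOPASSWD: /usr/bin/rsync -a /srv/ /backup/
ops     ALL=(ALL) NOPASSWD: ALL
%admin  ALL=(ALL) /bin/systemctl restart nginx
"""


def parse_rules(text):
    """Yield (user, nopasswd, command_spec) for each command in each user rule."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        nopasswd = "NOPASSWD:" in m.group("tags")
        for spec in m.group("cmds").split(","):
            yield m.group("user"), nopasswd, spec.strip()


def assess(spec, nopasswd):
    """Return a reason string if the command spec is risky, else None."""
    if not nopasswd:
        return None  # still worth reviewing, but it needs the user's own password
    if spec == "ALL":
        return "NOPASSWD: ALL grants full root without a password"
    path, _, args = spec.partition(" ")
    if GLOB_CHARS & set(args):
        reason = "NOPASSWD with wildcard argument"
        if os.path.basename(path) in ("mount", "umount"):
            reason += "; mount with a wildcard path exposes the contents of any mountable file matching it"
        return reason
    return None


def risky_rules(text):
    """Return a list of (user, command_spec, reason) for every risky rule found."""
    findings = []
    for user, nopasswd, spec in parse_rules(text):
        reason = assess(spec, nopasswd)
        if reason:
            findings.append((user, spec, reason))
    return findings


if __name__ == "__main__":
    for user, spec, reason in risky_rules(CONSTRUCTED_SUDOERS):
        print(f"{user}: {spec!r} -> {reason}")
```

The fix on the willow line is to name the exact device and mount point instead of a glob (or to drop the rule and put the data somewhere that does not need root to read); the ops line is the usual "NOPASSWD: ALL" convenience rule that should never survive review.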

I use the root password, go to the /root directory and cat root.txt, but there is a twist in the challenge: the root flag is not there, and the message says it had already given me the flag earlier.

I go back to willow and search every directory for the flag, but there is no flag in any of them. After a long time I remember the image I got earlier and try strings, exiftool and binwalk on it, with no result. When I use steghide it asks for a passphrase; I try willow, thm and many more.... Then I remember that the message in root.txt said it had given me the password now. I try the root password as the steghide passphrase and get the root flag.
