Brooklyn Nine Nine

1. Enumeration machine by using nmap.

---

1. Port 80 is open, so we can check source code for the main website.

"Steganography can be used to hide virtually any type of digital content, including text, image, video, or audio content. "

Saving image from main page to our machine.

---

1. First we need to crack password to read hidden information in image.

Extracting information from image using cracked password.

steghide extract -sf brooklyn99.jpge

---

1. Now I can log in to ssh with new credentials and I can try to get root straight away.

---

1. Go to the website: https://gtfobins.github.io/gtfobins/nano/ to find out info how to privilage escalation to root in this situation.

---

1. Now it's time to get a root and flags:

---

1. Our flags:

User flag: ee11cbb19052e40b07aac0ca060c23ee
Root flag: 63a9f0ea7bb98050796b649e85481845

---

EXTRA:

I noticed that flag was in user "jake" directory, so it could be other way to get this machine.

Back to beginning, server ftp is open, log in as anonymous without password and get a file to our machine and read it.

There is a note about weak password, so I can try to crack password to ssh using hydra.

Now we can log in to ssh and get a first flag:

Now it's time to get a root flag.

DONE 🎉