This article details a step-by-step walkthrough of the Anonforce Boot2Root challenge on TryHackMe, focusing on enumeration, cracking GPG keys, and privilege escalation. It highlights the importance of service discovery and cryptography skills for beginners preparing for security certifications. #Anonforce #TryHackMe
Keypoints
- Initial enumeration revealed open FTP and SSH services on the target machine.
- Anonymous FTP login allowed access to directories containing sensitive files and flags.
- GPG private keys and encrypted backups were used to obtain password hashes and root credentials.
- Tools like gpg2john and John the Ripper played a crucial role in cracking encryption and hashes.
- Full root access was achieved by cracking the root password, culminating in capturing the root flag.