TryHackMe Mr Robot Official Walkthrough


DarkSec

3 years ago

195,581 views



Comments:

Rang3r Kleingeld - 07.11.2023 16:56

how did you find out the username was Elliot

Charalampos Spanias - 27.09.2023 10:58

Great walkthrough, thanks for taking the time to record this!

I would also love if you had included some alternative ways, e.g. Burp's Intruder for bruteforcing the /wp-login dir, using wpscan(?) since it is a WP blog, etc.

Anyway, learned a lot from it, thanks again!

Kevin Turbot - 19.09.2023 00:09

Thank you for the video, you're a master at it. Quick question, how do you get the bar at the bottom of your shell. Thank you so much for your answer and a big thank you for this video. 👍

Forgiven - 24.07.2023 10:40

Thank you for this amazing walkthrough, I have learned a lot! I have a question, how do you know what directory "archive.php" is stored in? I also noticed that my password is in capital letters, but since Linux is "case-sensitive" the password won't work. Can someone tell me why my output is "case-sensitive" within john the ripper?

Mateo Rosser Castro - 17.06.2023 00:05

I loved the video! Mr. Robot is the best! btw, does anyone know how to brute force login forms that are pop ups???

Philip Davis - 05.05.2023 14:59

Was knowing nmap had the SUID bit something you pick up over time?

Oysterman's Delight - 01.05.2023 00:47

How do you know what the archives.php url path is?

Daniel Cardenas - 07.01.2023 15:14

if you go under Krista Gordons account it says "another key?" I went down that rabbit hole lol.

Stephen Bell - 20.12.2022 03:06

Great walkthrough. Had a problem with john the ripper though, for some reason it returned all Caps for the letters instead of All lowercase. Weird.

SyRoxS - 30.11.2022 17:06

It's funny how they put the password (ER-...) at the 858151 position in the dic file because if we use hydra like you showed us it will have to try 800k requests, which takes an absurd amount of time

hgud - 26.11.2022 18:31

how did you know the file robots.txt

platput - 05.11.2022 10:47

I got the wp user/pass in a different manner. The ip/license url for which I got 200 response, I opened and inspected using firefox's inspect context menu. There was a base64 encoded string which gave me the user/password combo. This was not visible in the view source page though.

Azark - 15.10.2022 21:48

Thank you for the amazing help and efforts !!

Jisoo turtle rabbit kim - 02.10.2022 07:40

My wordlist is not running, please advise what to do

kilbx good - 20.09.2022 07:29

missing my ti line sir.

Rui Lopes - 29.08.2022 02:33

What terminal multiplexer is that? Thanks!

Cyber Sec - 05.08.2022 04:04

This was an amazing video, thank you.

KasaBlanca007 - 13.05.2022 02:22

How did you know to add "robots.txt"? Could it not have easily been "anythingelse.txt"?

Mr Happy Smiley - 01.05.2022 23:57

One thing that was very crucial in brute forcing the password for Elliot is that there are nearly 1,000,000 words in the fsociety.dic when in reality it should have been about 11,000 words. If you cat fsociety.dic | grep "any word in the fsociety file here", you will see a ton of the same words being used in the file. To remove all those unnecessary duplicate words, you could have done sort fsociety.dic | uniq -d > new.txt. Then right after that you would append the unique words doing sort fsociety.dic | uniq -u >> new.txt. Doing so would give you the actual amount of words for that wordlist. That would save you a ton of time finding the password in a shorter time

Luis Hernandez - 24.04.2022 10:50

How did you find that the shell was on wp-content/twentyfifteen/archive.php? I was doing it on my own and I couldn't find the shell

Anantika Tokas - 14.04.2022 02:35

i did like the video but when I did the first key it did not work

Nassim Dhaher - 27.03.2022 06:18

you can run sudo -S su robot to change to robot user

MSWord - 17.02.2022 19:00

What is that terminal thing? How do you make it like that? Great video btw, it helped me a lot about what to look for in terms of ethical hacking.

A P - 09.02.2022 03:13

learned some new tricks, thanks dark!!

Cyber Nemesis - 08.02.2022 01:28

btw.... Hello friend, I did guess the file name.... or at least found the Easter egg.

Danny Laise - 05.01.2022 02:15

If I would have run this without a walk through, which I did but was never getting anything, the wordlist would have taken 16 hours to go through. And the password was at the bottom! Was a little annoyed for just a thm room for it to take so long

Alper Kaya - 08.12.2021 01:59

You cannot use PWD as parameter man, this issue took hours from me. It should be PASS

Kishan Kulu - 15.09.2021 19:41

What does -t 30 do?

Mishanea - 24.07.2021 00:31

When I try to do a reverse shell with nc I can't use the port 53, it's ok to use 1234? because it doesn't work :(

Md7 - 03.07.2021 19:13

thx :)

HamsterLover - 02.07.2021 16:06

The password is at the very end of the list, which contains many duplicates, very annoying.
To crack within a few seconds: tac fsocity.dic > reverse.dic

Ashen Blade - 01.07.2021 13:18

Tried it so many times, I just can't get the password for some reason.
Everything is correct, idk what's going wrong

Giovanni Tomczak - 23.06.2021 23:21

You guys put the username and password near the bottom of the list..nice..very nice

0xsiyo - 15.05.2021 15:19

Why didn't you use whole error message for password brute-force? Is it because of that block lettered "Elliot" in the response?

Kirill Ivanov - 29.04.2021 21:33

Half an hour searching for password and it's not done yet... Why this file is so big???? It's a training box..

Lexa - 13.04.2021 18:11

I also watched another video where someone used the command (find / -perm -u=s 2>/dev/null).
What does it do???
(Sorry for the bad english)

Hello Friend - 07.04.2021 16:20

I couldn't find the password in the fsocity.dic file, I used python to open the file and search yet nothing popped up

Gamliel Hernández - 31.03.2021 09:51

Fantastic, simple and to the point, thank you for this gem of content.
Subscribed and all notifications=on :D

drasked - 25.03.2021 03:00

^PWD^ didn't work for me, I ended up getting it to work with ^PASS^

MrSonnyDutch - 16.03.2021 16:37

You said: we are gonna take a look at a common file we find on websites, while entering the file robots.txt. Is this really the way to do it? I want to know how to get the file, without taking it from the internet.

0xHans - 11.03.2021 17:53

how to view key-3-of-3.txt?
Plz help :')

Josiah Thompson - 06.03.2021 17:47

I did have a small issue when running hydra. The password variable did need to be ^PASS^ instead of ^PWD^

201951073 JATIN GUPTA - 26.02.2021 23:22

If I'm using !bash I am not getting a shell with root privileges...WHY?

Luis Mejia - 21.02.2021 01:27

Awesome video, can't wait to do this in THM!

Cash - 10.02.2021 20:14

Am using hydra for password, it's taking too long

Bikash Jena - 25.01.2021 09:55

Does playing CTF help in getting through bug bounty as well?

N4nduc4 - 23.01.2021 21:45

DarkSec you're the best.
