TryHackMe RootMe Walkthrough Tutorial - Pentesting
ฝัง
- เผยแพร่เมื่อ 23 ม.ค. 2021
- This TryHackMe RootMe tutorial is pentesting walkthrough for the RootMe challenge, which is a pretty basic box running a web server and an SSH server. Pretty standard stuff right? We'll start off by snooping around the web server, running an NMAP scan and of course a brute force of the directories using GoBuster. We'll find an upload directory and a web panel which allows us to upload files. Let's go for the standard php reverse shell and setup a listener on our own machine, but wait, they don't allow php files to be uploaded. So let's try the .php5 extension, bingo! File upload successful. The next part of this TryHackMe Rootme tutorial is to escalate our privilege's so we can get root. This involves looking for a file which runs with root permissions, we can scan for files with a privelaged SUID, and we get a good list of them, but the one that is most easily exploited will by the python binary. It's weird that this file has these permissions but who cares, let's use it. That almost wraps it up for this RootMe walkthrough, at this point we just need to use python to spawn a bash shell so, and boom we are now root. Now we just have to find the root flag, which is in the root directory which is pretty common. TryHackMe RootMe walkthrough completed!
This video was made by Hussein Muhaisen and generously shared with us, please subscribe to his channel and follow him on Twitter:
guidedhacking....
Discussion: bit.ly/2URJu9A
www.tryhackme....
TryHackMe is one of the best ways learn penetration testing & cyber security, it's similar to HackTheBox and other platforms but TryHackMe is a bit better structured, where you have defined steps you have to complete, which gives you just enough information for you to be able to move forward without actually giving you the answers to the problems. And ofcourse, if you get stuck there are plenty of TryHackMe writeups available online like ours. This TryHackMe RootMe walkthrough involves a pretty simple box, as long as you have experience doing 1 CTF or 2-3 boxes this one should be pretty straight forward.
Donate on our Forum : bit.ly/2HkOco9
Support us on Patreon : bit.ly/38mnveC
Follow us on Facebook : bit.ly/2vvHfhk
Follow us on Twitter : bit.ly/3bC7J1i
Follow us on Twitch : bit.ly/39ywOZ2
Follow us on Reddit : bit.ly/3bvOB57
Follow us on GitHub : bit.ly/2HoNXIS
Follow us on Instagram : bit.ly/2SoDOlu
#TryHackMe #PenetrationTesting #EthicalHacking
