U.A. High School TryHackMe Walkthrough | Easy
- Published 18 Sep 2024
- In this video, we solve TryHackMe's new easy CTF challenge U.A. High School [ tryhackme.com/... ], based on the anime My Hero Academia. We begin with a basic nmap scan that shows just two open ports: SSH, and port 80 serving a High School website hosted on apache2. We fuzz directories using gobuster and dirsearch and end up on an endpoint that gives us RCE on the box; we could have found that parameter using a tool like arjun, but here dirsearch did the job for us too. After getting a shell as the www-data user, we find a JPG image file that has the deku user's creds hidden in it. We first transfer that JPG over to our box, fix the magic bytes for the JPG file, and extract the credentials using steghide / stegseek. After logging in as deku on the box, we find we can run a feedback.sh script with sudo perms; feedback.sh accepts user input and runs it with eval, and we cat the root flag by specifying the command in the /etc/crontab file. Hope you learned something new 🙏🚀❤️
Medium blog post for dirsearch - [ / a-story-of-default-wor... ]
Blog:
● blog.h00dy.me
Github:
● github.com/hoo...
#tryhackme #ctf #boot2root #redteam #walkthrough #pentesting
Join my discord server - discord.com/invite/QhHe7nNRSU
would recommend joining this server 💯
The methodology used to gain root flag was amazing👊
This wasn't an easy CTF at all :)
The way you got root.txt was 🔥
Thanks H00dy, I would never have figured it out. Keep going
Just Awesome
What I think is happening here is that the payload path that u are using is getting interpreted as blank or truncated (or whatever you put after it is not going to matter) and instead the important part is the cmd get param
@alessandrolupini1015 yea prolly it got me pretty confused lol
Awesome h00dy😁
what is the name of your degree?
@Ginnttv mine is bachelors of computer applications specialized in cloud tech and infosec
for me, the nc cmd does not work
i think i used busybox nc, u can just upload a shell using curl / wget and run that (:
h00dy the great
🏫