TryHackMe! RootMe - Uploading Shells & SUID // CTF (Easy)
Вставка
- Опубліковано 19 сер 2021
- Are you trying to solve the RootMe room on the TryHackMe ethical hacking training platform?
** DISCLAIMER: DO NOT ATTEMPT THE TECHNIQUES FROM THIS VIDEO ON SYSTEMS THAT YOU ARE NOT AUTHORIZED TO DO SO. THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. **
Join this channel to get access to perks:
/ @jongoodcyber
Make sure to subscribe so you don't miss new content!
/ @jongoodcyber
Looking to start a career in Information Security, Cyber Security, or Information Assurance? Check out all these resources to Get Started! www.jongood.com/getstarted/
Need CAREER COACHING or CONSULTING Services? www.jongood.com/services/
RootMe Quick Information:
-FREE
-CTF Room
-Easy Rating
-Linux Operating System
Join me as we walkthrough defeating the RootMe room on the TryHackMe platform. TryHackMe is an ethical hacking training platform that provides training and lab environments to improve your cyber security skills.
-Recommended ethical hacking books: www.amazon.com/shop/jongood?l...
-TryHackMe: tryhackme.com/
Blog Post: www.jongood.com/tryhackme-roo...
DISCLAIMER: You should never practice any of the skills learned through the platform or in this video without official written consent from system and network owners.
#TryHackMe #RootMe #EthicalHacking
🔥Training Courses🔥
___________________________________________
Full List: www.jongood.com/courses/
👕Merch👕
___________________________________________
www.jongood.com/merch
📱Social Media📱
___________________________________________
Discord: jongood.com/discord
Facebook: jongood.com/facebook
Instagram: jongood.com/instagram
LinkedIn: jongood.com/linkedin
Twitter: jongood.com/twitter
Website: jongood.com/
⚡️Lab & UA-cam Gear⚡️
___________________________________________
www.jongood.com/equipment/
📇Affiliates📇
___________________________________________
www.jongood.com/affiliates/
DISCLAIMER: I am an ambassador or affiliate for many of the brands referenced on the channel. As an Amazon Associate, I earn a commission from qualifying purchases.
DISCLAIMER (MUSIC): I only use royalty free music and sound effects. - Наука та технологія
Hi Jon, really enjoyed the CTF content. Would enjoy seeing some more in future.
Awesome, thank you!
Coincidentally, I was working on a beginner ctf on thm when this video dropped. I was stuck at the end and had to look up a command that was mentioned, sudo -l. And I was stuck on this for a good while😅 if I would’ve watched this first I could’ve finished it a lot sooner.
Bummer! Well I'm glad that I will at least help other people in a similar situation.
I’m new to this. Can you explain why the python folder is considered weird ? Thanks
This video isn't really meant to dive deep into the why but if you want to learn more you will want to research SUID and Python. At a high level, typically programming languages like Python have the ability to interact with the operating system and can be abused if permissions aren't very strict.
More videos like this please
I'm glad that you enjoyed the video and thank you for the feedback!
hi John , Can you do more videos like this .what else do you suggest one does to improve cybersecurity skills?
Thanks ,
Estefy
I also think that if he does many videos on this will be great!
Absolutely! I recommend grabbing a free copy of my eBook ( www.jongood.com/getstarted/ ) where I go into more detail about skills that you should develop.
Why was the python path considered weird?
With less experienced hackers, being able to use a programming language like Python to privilege escalate is not usually one of the first things that comes to mind. It's not that we don't see those types of security vulnerabilities but typically other application or system misconfigurations, and vulnerable software versions tend to be the types of attack vectors we think of most commonly. Like anything, as your knowledge evolves, you start to identify some of these seemingly innocent paths.
Why python is consider as an interesting or weird file? Is there any reason for that? And should we know the python command by heart or GTFOBins our best friend?
Although certainly not a video diving deep into the reasons why it's interesting, I highly recommend researching vulnerabilities in Python that you can exploit to help you in your journey. There's no rule in this career field that you have to memorize commands or usage syntax, but you should know where to find them.
i did basically the same thing but when i run nc and click on shell.php5, nothing happens, the webpage loads and says "warning failed to daemonise, this is quite common and not fatal" i tried everything and idk how to get passed it.
"Basically doing the same thing" doesn't sound like you did it exactly as shown. I recommend performing the demonstrated steps and see if that works. You can also check the TryHackMe discussion forums if it's a particular issue that isn't covered and still exists.
probalby in shell.php you wrote machine ip, not openvpn ip
Waka Flocka Flame
I'm glad that you enjoyed the video!
He really didn't explain alot in this video like how did you use 2> to find a file and how the Heck was that Python file weird out of All them files?
The scope of this video was to show you how to complete the tasks successfully, not necessarily to break down super technical details. You have the answers, so now it's crucial to improve your research skills to dive deeper into those answers.
How the heck did you know what wordlist to use?!
CTFs tend to stick with common lists, but sometimes you just need to try different lists to see what works. It's very uncommon for a lab or CTF to use a list that is not widely available because the point is to see if you know what you're doing process-wise and not necessarily if you have some secret list.
@JonGoodCyber OH!!! So at the risk of sounding like a novice, is there a list somewhere OR does this just come with experience 🤔
@@SilentCreepa22 Several lists are preloaded in Kali. You can also download lists or create your own if you want.