RootMe - Easy CTF in TryHackMe
- MACHINE_IP [10.10.224.114]
- nmap scan
- gobuster scan
Found:
- Got into the panel and found a file upload form.
- Uploaded a PHP reverse shell in /panel/, since the gobuster and nmap scans showed the server was running PHP.
- The .php file was not accepted, so used a bare extension, but it didn't execute.
- Used the extension .phtml and triggered it through `/uploads/reverse_shell.phtml`
- Got the reverse shell and found user.txt with `find / -type f -name user.txt 2>/dev/null`
- Tried looking into the sudo permissions but got none.
- Looked into the SUID bits with `find / -perm /4000 2>/dev/null` and found that python has the SUID bit set.
- Used the Python SUID technique from GTFOBins to escalate privileges to root.
- Found root.txt using `find / -type f -name root.txt 2>/dev/null`.
~ Room Completed ~
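From the defender's side, the same `find / -perm /4000` listing can be triaged so that a SUID interpreter like the python binary in this room stands out. This is an added example, not part of the original write-up; the baseline list, the interpreter patterns and the sample paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Triage a list of SUID paths (one per line on stdin), e.g.:
#   find / -perm /4000 -type f 2>/dev/null | audit_suid
# The baseline and interpreter patterns are assumptions; tune them per distro.

# SUID binaries a stock Linux install commonly ships (assumed baseline).
SUID_BASELINE="passwd sudo su mount umount chsh chfn newgrp gpasswd pkexec ping fusermount"

audit_suid() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        name=${path##*/}            # basename without spawning a process
        case "$name" in
            # General-purpose interpreters and shells: SUID on these gives
            # every local user the file owner's privileges.
            python|python[0-9]*|perl|perl[0-9]*|ruby|ruby[0-9]*|php|php[0-9]*|node|lua|lua[0-9]*|bash|sh|dash|zsh)
                printf 'CRITICAL %s\n' "$path" ;;
            *)
                case " $SUID_BASELINE " in
                    *" $name "*) ;;                     # expected, stay quiet
                    *) printf 'REVIEW %s\n' "$path" ;;  # not in the baseline
                esac ;;
        esac
    done
}

# Constructed sample input (not output from the room's machine).
sample_suid_list() {
    cat <<'EOF'
/usr/bin/passwd
/usr/bin/sudo
/usr/bin/python
/usr/bin/python2.7
/bin/mount
/opt/backup/runjob
EOF
}

sample_suid_list | audit_suid
```

A CRITICAL hit is remediated by clearing the bit (`chmod u-s <path>`); REVIEW entries need a check against the package that owns the file.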