We covered the basic steps of a penetration testing procedure using a beginner-friendly CTF challenge from TryHackMe named RootMe.


Summary & Highlights

Information Gathering & Enumeration

Commands used in this stage:

nmap -sC -sV -oN nmap/rootme <MACHINE_IP>
gobuster dir -u http://<MACHINE_IP> -w <PATH_TO_WORDLIST>

Ports open on the machine:

22/ssh — OpenSSH 7.6p1
80/http — Apache httpd 2.4.29

/panel/ was discovered in the web directory and allows file uploads. Upload this reverse shell, set up your listener, and get the first shell session.

Bypassing Upload Filters By Changing Extension

If the previous upload failed, rename the reverse shell, changing its extension from .php to .phtml, and try again.
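
An added example (not code from the room or from this write-up) showing why the rename above gets past an extension denylist, next to an allowlist check that rejects it. The denylist is an assumed reconstruction of the filter's behaviour; the function names, the image-only allowlist and the sample uploads are constructed for illustration.

```python
import os
import secrets

DENYLIST = {".php"}  # ASSUMED weak filter: rejects this one extension only
ALLOWLIST = {  # assumed requirement: images only; value = expected magic bytes
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}

def weak_filter(filename):
    """Denylist: accept any name whose last extension is not listed."""
    return os.path.splitext(filename)[1].lower() not in DENYLIST

def hardened_filter(filename, content):
    """Allowlist: return a server-chosen storage name, or None to reject."""
    base = os.path.basename(filename.replace("\\", "/")).lower()
    stem, dot, ext = base.partition(".")
    # Exactly one extension: mod_mime can act on any extension in a
    # multi-extension name, so "x.php.png" is rejected as well.
    if not stem or not dot or "." in ext:
        return None
    magic = ALLOWLIST.get("." + ext)
    if magic is None or not content.startswith(magic):
        return None
    # Never reuse the client-supplied name on disk.
    return secrets.token_hex(16) + "." + ext

# Constructed sample uploads (not taken from the room).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLES = [
    ("shell.php", b"<?php /* placeholder */ ?>"),
    ("shell.phtml", b"<?php /* placeholder */ ?>"),
    ("logo.php.png", PNG),
    ("logo.png", b"<?php /* placeholder */ ?>"),
    ("logo.png", PNG),
]

def compare():
    """Return (name, weak_accepts, hardened_accepts) for each sample."""
    return [(n, weak_filter(n), hardened_filter(n, c) is not None)
            for n, c in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print("%-14s weak=%-5s hardened=%s" % row)
```

Storing uploads outside the web root, or in a directory where the PHP handler is disabled, removes the execution path even if a filename check is bypassed.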

Room Answers | RootMe TryHackMe

Scan the machine, how many ports are open?

2

What version of Apache is running?

2.4.29

What service is running on port 22?

ssh

What is the hidden directory?

/panel/

Find a form to upload and get a reverse shell, and find the flag.

user.txt

THM{y0u_g0t_a_sh3ll}

Search for files with SUID permission, which file is weird?

/usr/bin/python

Find a form to escalate your privileges.

root.txt

THM{pr1v1l3g3_3sc4l4t10n}

Check out the video below for a detailed explanation.

RootMe TryHackMe Video Walkthrough

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.
