We covered web application authentication bypass using the reset feature in addition to Linux privilege escalation using the LD_PRELOAD method. This was part of TryHackMe Road.

By taking advantage of lack of check on the username field, we reset the password and intercept the request with Burp Suite. By changing the username to admin, we were able to reset the admin password and get access to the administration dashboard. We uploaded a web shell and got the first foothold on the machine. Privilege escalation was accomplished by creating a shared object file and make a binary use it to run as sudo. More on Linux privilege escalation notes

Get OSCP Certificate Notes

Challenge Answers

What is the user.txt flag?

What is the root.txt flag?

Video Walk-Through

CTF Writeups, OWASP, tryhackme

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Web Application Authentication Bypass | TryHackMe Road

Challenge Answers

Video Walk-Through

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Enumerating NFS (Network File System) | TryHackMe Advent of Cyber 3 Day 12

Investigating Malware and Spam with Wireshark

Press ESC to close

Web Application Authentication Bypass | TryHackMe Road

Challenge Answers

Video Walk-Through

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Enumerating NFS (Network File System) | TryHackMe Advent of Cyber 3 Day 12

Investigating Malware and Spam with Wireshark