Sign in Subscribe
Latest issue

RootMe

Room

  • Name: RootMe
  • Site: tryhackme.com
  • Difficulty: Easy

Write up

  • Recon
    • Ports
      • 22
      • 80
        Screen Shot 2024-01-07 at 7.19.41 PM.png
    • http
      • Important endpoints
        • /uploads
        • /panels
          Screen Shot 2024-01-07 at 7.20.18 PM.png
        • /panels blocks php upload
          Screen Shot 2024-01-07 at 7.47.43 PM.png
        • /panels allows phtml uploads
          Screen Shot 2024-01-07 at 7.48.08 PM.png
        • Webshell uploaded
        • user.txt file in /var/www
          Screen Shot 2024-01-07 at 7.50.53 PM.png
        • got a reverse shell using https://www.revshells.com/
        • find SUID binaries using
          • find / -type f -user root -perm -u=s 2>/dev/null
        • /usr/bin/python has SUID flag
          • go to https://gtfobins.github.io/ and find a command to run to get root
          • run /usr/bin/python -c 'import os; os.execl("/bin/sh", "sh", "-p")'
            • get root
              Screen Shot 2024-01-07 at 7.35.16 PM.png

Subscribe to Hack Notes

Sign up now to get access to the library of members-only issues.
Jamie Larson
Subscribe