TryHackMe Publisher Walkthrough | Easy + CVE-2023-27372
Vložit
- čas přidán 3. 07. 2024
- In this video we are hacking into tryhackme's new boot2root ctf challenge - publisher by - [ tryhackme.com/p/josemlwdf ]. In this we'll make use of CVE-2023-27372 for Spip cms and gain rce on the box and get that initial foothold, for privesc we are gonna use linpeas to find the run_container suid and app armor existence, we are going to use perl bypass for app armor and we got all perms on /opt/run_container.sh script that is used by the suid binary and edit it to make bash a suid and escalate our privileges to root. Hope you'll learn something new. 🙏🚀❤️
[ tryhackme - tryhackme.com/r/room/publisher ]
⭐️ Video Contents ⭐
⌨️ 0:00 ⏩ Intro
⌨️ 0:43 ⏩ Starting Ctf
⌨️ 1:07 ⏩ Initial Enumeration (Spip Cms)
⌨️ 6:35 ⏩ Initial Foothold on the box
⌨️ 7:07 ⏩ Grabbing id_rsa for think user
⌨️ 11:37 ⏩ Running linpeas
⌨️ 16:45 ⏩ PrivEsc To Root (Setting up SUID on bash shell)
⌨️ 18:25 ⏩ Final POVs
Follow me on social media:
● / hoodietramp
● / hoodietramp
Blog:
● blog.h00dy.me
Github:
● github.com/hoodietramp
Mastodon:
● mastodon.social/@h00dy
● defcon.social/@h00dy
● infosec.exchange/@h00dy
Join 345y🛸:
● / discord
Support This Tramp!
Donations are not required but are greatly appreciated!
💸BuyMeACoffee: buymeacoffee.com/h00dy
#tryhackme #ctf #boot2root #redteam #walkthrough #pentesting - Věda a technologie
Join my discord server - discord.com/invite/QhHe7nNRSU
❤
🔥🔥🔥
❤❤
🔫
I also added a blog post for this one - blog.h00dy.me/tryhackme-publisher-writeup-easy