Simple CTF Tryhackme

This is a walkthrough of a room called Simple CTF from TryHackMe.
Steps for pwning this machine:
1) Start with an nmap scan (nmap -A -T4 IP).
2) FTP anonymous login was allowed, but I didn't find anything too important there.
3) Port 80 had a directory called simple, which I found through gobuster (gobuster dir -u URL -w /path/to/wordlist/ -x .php,.txt -t 40).
4) A CMS was running (CMS version 2.2.8).
5) Searchsploit tells us that versions less than 2.2.10 have a SQLi vulnerability.
7) If you run into an error while running the exploit, e.g. "no module named termcolor" and pip install termcolor is not working, then you have to set up a virtual env (apt-get install python3-virtualenv && virtualenv -p python2 venv && . venv/bin/activate).
8) Then you will get the user and pass, and can log in to the machine using SSH, which is running on port 2222.
9) After logging in, run sudo -l to find what commands the user can run as root without the root password (it was /usr/bin/vim).
10) GTFOBins tells us we can run this: (sudo vim -c ':!/bin/sh')
11) We are root!
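One way to check a host for the misconfiguration behind steps 9 and 10, as an added example that is not part of the original walkthrough: the script reads `sudo -l` output and flags passwordless rules on programs that can spawn a shell. The function names, the `RISKY` list (a small illustrative subset of programs listed on GTFOBins) and the sample `sudo -l` output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: audit `sudo -l` output for NOPASSWD rules on shell-capable binaries.
# RISKY is an illustrative subset of programs listed on GTFOBins, not a complete list.
RISKY="vim vi less more man find awk nano ed python python3 perl"

# Constructed sample of `sudo -l` output (user and host names are placeholders).
sample_sudo_l() {
    cat <<'EOF'
Matching Defaults entries for user on host:
    env_reset, mail_badpass

User user may run the following commands on host:
    (root) NOPASSWD: /usr/bin/vim
    (root) NOPASSWD: /usr/bin/uptime, /usr/bin/less /var/log/syslog
EOF
}

# Reads `sudo -l` output on stdin and prints one "RISKY <path>" line per finding.
# Arguments in a rule are ignored on purpose: an interactive program such as
# less or vim can still start a shell when its arguments are fixed.
audit_sudo_rules() {
    grep 'NOPASSWD:' | sed 's/.*NOPASSWD:[[:space:]]*//' | tr ',' '\n' |
    while read -r path _args; do
        [ -n "$path" ] || continue
        if [ "$path" = "ALL" ]; then
            echo "RISKY ALL (any command as root without a password)"
            continue
        fi
        name=${path##*/}            # strip the directory, keep the program name
        for r in $RISKY; do
            if [ "$name" = "$r" ]; then echo "RISKY $path"; fi
        done
    done
}

# On a real host, pipe `sudo -l` (or `sudo -l -U someuser` as root) into the audit.
sample_sudo_l | audit_sudo_rules
```

Any flagged rule should be removed or replaced with a narrowly scoped command; for file editing, sudoedit is the usual substitute for granting an editor under sudo.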
If you find this video useful then give it a thumbs up and if you want to see more videos like this then subscribe to my channel.
Comments
Author

Pls mak vid on coc hack unlimitid gemz 2021.🙏🙏🥵

ayushkapoor