filmov
tv
Wgel CTF - TryHackMe CTF Walkthrough {FOR BEGINNERS}!
Показать описание
Wgel CTF Walkthrough with explanation for beginners!
This was an awesome room which leaked an RSA private key file in order to SSH into the system and escalate our privileges with the wget binary!
--------------------------------------------------------------------------------------------------
Time Stamps:
0:00 - Intro
0:50 - Inital Nmap Scan
2:00 - Using GoBuster to enumerate directories
2:30 - Finding the user 'Jessie' in the source code comments
3:15 - Exploring the website
5:35 - Finding .ssh with gobuster
6:00 - Getting the RSA private key file
7:40 - Changing permission on the id_rsa file
8:30 - SSHing into the server as user 'Jessie'
9:00 - Checking sudo permission for 'Jessie'
9:30 - Checking out GTFOBins wget page
10:10 - Explaining how we are going to escalate privileges with wget
11:45 - Getting original /etc/shadow file from the victim machine
12:50 - Creating a duplicate /etc/shadow file on our local machine
13:45 - Crea1ting a new root hash with the password of 'password'
14:45 - Transferring the new /etc/shadow file from our local machine to the victim machine
16:30 - Troubleshooting
20:45 - Obtaining root
--------------------------------------------------------------------------------------------------
Tools used in this video:
-------------------------------------------------------------------------------------
Any constructive criticism is always appreciated! Please let me know what you would like to see next or something I can improve in the comments!
I hope you learned something today, and happy hacking!
This was an awesome room which leaked an RSA private key file in order to SSH into the system and escalate our privileges with the wget binary!
--------------------------------------------------------------------------------------------------
Time Stamps:
0:00 - Intro
0:50 - Inital Nmap Scan
2:00 - Using GoBuster to enumerate directories
2:30 - Finding the user 'Jessie' in the source code comments
3:15 - Exploring the website
5:35 - Finding .ssh with gobuster
6:00 - Getting the RSA private key file
7:40 - Changing permission on the id_rsa file
8:30 - SSHing into the server as user 'Jessie'
9:00 - Checking sudo permission for 'Jessie'
9:30 - Checking out GTFOBins wget page
10:10 - Explaining how we are going to escalate privileges with wget
11:45 - Getting original /etc/shadow file from the victim machine
12:50 - Creating a duplicate /etc/shadow file on our local machine
13:45 - Crea1ting a new root hash with the password of 'password'
14:45 - Transferring the new /etc/shadow file from our local machine to the victim machine
16:30 - Troubleshooting
20:45 - Obtaining root
--------------------------------------------------------------------------------------------------
Tools used in this video:
-------------------------------------------------------------------------------------
Any constructive criticism is always appreciated! Please let me know what you would like to see next or something I can improve in the comments!
I hope you learned something today, and happy hacking!
0:16:22
0:09:03
0:22:02
0:15:37
0:13:55
0:12:31
![[Wgel CTF]: Walkthrough](https://i.ytimg.com/vi/ZeZbIxweDpA/hqdefault.jpg)
0:09:34
![[CTF] TRYHACKME -](https://i.ytimg.com/vi/fefDrQBGIhs/hqdefault.jpg)
0:14:35
0:14:06
0:06:07
0:11:08
0:07:06
0:18:35
![[FR] TryHackMe -](https://i.ytimg.com/vi/OWy1ARFN6XQ/hqdefault.jpg)
0:06:29
0:06:19
0:11:13
0:11:35
0:20:39
0:11:04
0:13:23
0:09:43
0:22:32
0:21:20
0:36:47