TryHackMe // RootMe

In this video, I will be taking you through the RootMe pentesting/ctf challenge on TryHackMe! This is a pretty basic box running a web application where you learn to get a reverse shell through file uploads. You then perform a privilege escalation through SUID and get ROOT!

TryHackMe is one of the best ways learn penetration testing & cyber security, it's similar to HackTheBox and other platforms but TryHackMe is a bit better structured, where you have defined steps you have to complete, which gives you just enough information for you to be able to move forward without actually giving you the answers to the problems.

Video Timestamps
---------------------------------------------------
0:00 - Intro
0:22 - Start Rootme Room
1:01 - Enumeration - nmap
2:29 - Directory Brute Force - gobuster
4:05 - Web App Enumeration
4:51 - File Upload Panel
5:14 - Creating reverse shell payload
5:50 - 1 Attempt File Upload
7:36 - Explanation of File Upload Bypass
8:22 - 2 Attempt File Upload
9:02 - SHELL!!!!!
10:00 - 1 Flag
10:29 - privileged SUID
11:05 - Privilege Escalation - python / gtfobins
12:14 - 2 Flag
12:30 - Outro

LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍

FOLLOW ME EVERYWHERE
---------------------------------------------------

AFFILIATES & REFERRALS
---------------------------------------------------

#tryhackme #pentesting #hacker #cybersecurity #linux #rootme #ctf