
RootMe

I’m Yeshecodes and this is my write-up for the RootMe box on TryHackMe. I am not going to ruin the experience by giving you the answers; I will walk you through the steps.

Scan the machine with: nmap target_ip

nmap target_ip -p 80 -sV -A

Enumerate directories:

dirb http://target_ip /usr/share/wordlists/dirb/common.txt

Navigate to the hidden path.

Upload a PHP payload (I used the pentestmonkey GitHub PHP payload): change the IP to your machine_ip and save it as filename.phtml.

Start a listener: nc -lvnp chosen_port

Navigate to target_ip/uploads/[filename]

You have a shell!

Search for the file:

find / | grep -w "user.txt"

cat [path]/user.txt

Search for SUID files

find / -user root -perm /4000

Found the file: /usr/bin/python

Navigate to GTFOBins: https://gtfobins.github.io/

Search for python [SUID]. I only used the 2nd line.

Search for the file:

find / | grep -w "root.txt"

cat [path]/root.txt
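
The SUID search step above is also the check an administrator would run to catch this misconfiguration before someone else does. The script below is an added example, not part of the original write-up: it filters a list of setuid-root paths for interpreters and similar tools that should never carry the setuid bit. The function names, the pattern list and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: defender-side audit of setuid-root files.
# RISKY_PATTERN is an illustrative list (an assumption); extend it for your hosts.
# It matches basenames of interpreters and tools that must not be setuid root.
RISKY_PATTERN='^(python[0-9.]*|perl[0-9.]*|ruby[0-9.]*|php[0-9.]*|bash|sh|dash|find|vim|nmap)$'

# flag_risky_suid: read file paths on stdin, one per line, and print only
# those whose basename matches RISKY_PATTERN.
flag_risky_suid() {
    while IFS= read -r _p; do
        [ -n "$_p" ] || continue
        # ${_p##*/} strips the directory part, leaving the basename.
        if printf '%s\n' "${_p##*/}" | grep -Eq "$RISKY_PATTERN"; then
            printf '%s\n' "$_p"
        fi
    done
}

# list_suid_root: the same search used in the write-up, limited to regular
# files on one filesystem, with permission errors silenced.
list_suid_root() {
    find "${1:-/}" -xdev -type f -user root -perm /4000 2>/dev/null
}

# Constructed sample of find output, so the filter can be tried offline.
SAMPLE_SUID_LIST='/usr/bin/passwd
/usr/bin/sudo
/usr/bin/python
/bin/mount
/usr/bin/python2.7'

# audit_sample: run the filter over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_SUID_LIST" | flag_risky_suid
}

# On a real host (hypothetical usage):
#   list_suid_root / | flag_risky_suid
```

Anything the filter reports should have the bit removed with chmod u-s [path]; expected entries such as passwd, sudo and mount pass through unflagged.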