Exploiting Pluck CMS and Linux Privilege Escalation | TryHackMe Dreaming

In this video walkthrough, we covered TryHackMe Dreaming challenge where we demonstrated penetration testing concepts such as exploiting a vulnerable version of Pluck CMS to gain a reverse shell. Then we started the process of horizontal Linux privilege escalation. We moved between various users with alternating privileges such as www-data, lucien, death and morpheus. A combination of weak file permissions, incorrectly assigned privileges and hard coded credentials we were able to escalate privileges to the highest user, Morpheus, and wrap up the challenge. ****** Receive Cyber Security Field, Certifications Notes and Special Training Videos https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join ****** Writeup https://motasem-notes.net/exploiting-pluck-cms-and-linux-privilege-escalation-tryhackme-dreaming/ TryHackMe Dreaming https://tryhackme.com/room/dreaming ******** Patreon https://www.patreon.com/motasemhamdan?fan_landing=true Instagram https://www.instagram.com/dev.stuxnet/ Twitter https://twitter.com/ManMotasem Facebook https://www.facebook.com/motasemhamdantty/ LinkedIn [1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/ [2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/ Website https://www.motasem-notes.net Backup channel https://www.youtube.com/channel/UCF2AfcPUjr7r8cYuMvyRTTQ My Movie channel: https://w