In this video walkthrough, we covered a CTF scenario where we started with nmap scanning followed by enumeration of the web application running on port 8000 where we discovered a directory traversal vulnerability allowing us to read the contents of sensitive files such as /etc/passwd. Using Python, we discovered the process name that is listening on port 6048 discovered during nmap scan. The application name was GDB server and we used Metasploit to exploit it and gain Meterpreter shell. Privilege escalation was achieved horizontally first by looking for binaries with SUID bit set and then to root using ruby.
****
Receive Cyber Security Field, Certifications Notes and Special Training Videos
https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join
******
Writeup
https://motasem-notes.net/exploiting-hidden-ports-using-python-directory-traversal-tryhackme-airplane-ctf/
TryHackMe Airplane
https://tryhackme.com/r/room/airplane
********
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/motasem.hamdan.official
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
