Overpass 3 - Hosting - TryHackMe Walkthrough

Introduction: Last room of Overpass Series to exploit a web hosting service. It contains compromise of webserver, FTP server, GPG file decryption, Web shell attack, Port Forwarding, Directory Mounting and Privilege Escalation via Root Squashing attack. #RootSquashAttack #NetworkPentesting #WebPentesting #privilege_escalation #portforwarding #meterpreter #msfvenom Chapters: 0:00 - Overpass3 - Introduction 1:03 - Nmap - Network Scanning 1:43 - Dirbuster - Directory BruteForce 4:40 - GPG File Decryption 8:03 - FTP server Compromise 8:54 - Uploading MsfVenom Webshell 11:01 - ReverseShell Listener 12:33 - Gaining WebShell Access 13:04 - Running Linpeas for Linux Enumeration 15:04 - Root Sqash Vulnearble Account 16:25 - Attack Pivoting using Port Forwarding 18:54 - NFS (Network File Share) Mounting 21:35 - SSH Private Key Compromise 23:01 - Root Squashing Attack 24:25 - Setting Up SUID Bit 25:37 - Privilege Escalation 26:08 - Flag Submission Tools Used:- #Linpeas - For Linux Enumeration #Msfvenom - For webshell Generation #MsfConsole - For Reverse Shell Listener and Port Forwarding #Nmap - Network Port Scanning #DirBuster - Web Directory Brute Force Reference Material:- https://tryhackme.com/room/overpass3hosting (RoomUrl) https://www.gnupg.org/ (GPG encryption) https://linpeas.sh/ (Linpeas Script)