Overpass - TryHackMe Walkthrough

Introduction:- What happens when some broke CompSci students make a password manager? #Web_Pentesting #Network_Pentesting #ssh_bruteForce #linux_enumeration #privilege_escalation #blackhathacker #hacking #tryhackme #overpass Timecodes 0:00 - Intro To Overpass Room 0:34 - OpenVpn Check 0:56 - Nmap IP scan 1:57 - Directory BruteForce using DirBuster 3:03 - SourceCode Analysis 6:18 - Cookie Editor 10:12 - ssh2john & johnTheRipper 12:38 - Linpeas 16:40 - Exploiting CronJob 20:44 - Reverse Shell 24:30 - CVE-2021-4034 Exploit Tools:- Tools used in OVERPASS (TryHackMe room), are as following:- #openvpn - for connecting to tryhackme server #nmap - port scanning, service enumeration #dirbuster - directory brute force #ssh2john - To convert the private SSH key to crackable string #johntheripper - for brute forcing passphrase of private SSH Key #linpeas - Linux Enumeration for post exploitation #ReverseShellTcp - To catch the reverse shell #netcat - Swiss army knife of hacking, reverse shell listener #kalilinux2023 - A goto Virtual machine for hackers and pentesters #python_Http_server - A simple file sharing (upload/download) server #CVE-2021-4034 - A linux privilege escalation exploit written in C and Python Important Links:- https://linpeas.sh/ (Linpeas Download Link) https://raw.githubusercontent.com/arthepsy/CVE-2021-4034/main/cve-2021-4034-poc.c (CVE-2021-4034 Exploit Code) https://tryhackme.com/room/overpass (Room URL) https://github.com/swisskyrepo/PayloadsAllTheThings (Reverse Shell TCP)