Stealth - TryHackMe Walkthrough

Jan 25, 2024
26:58

Overview: An intense room to practice host evasion skills against #windows #Signature based #antivirusdefense. First you have to try to upload a #powershell_based_reverse_shell, and the antivirus will try to detect it if it is a #msfvenom generated reverse shell. Then you have to find an executable with #SeImpersonatePrivilege enabled for #privilege_escalation via #PotatoExploits; sadly, our PowerShell based reverse shell does not have that privilege. So we will use a privilege escalation enumeration script instead of winPEAS (because winPEAS is deleted immediately by the antivirus). Upon scanning we will find out that #httpd.exe or the #xampp folder has the required privilege. So we will try to upload a #PHPbasedWebshell to gain the required #SeImpersonatePrivilege. Upon uploading #PownyShell (a PHP based webshell) we will gain SeImpersonatePrivilege. Now we can gain root privileges using #JuicyPotatoNG.exe, #GodPotato.exe, #EfsPotato.cs. (I have tested only these 3; #sweetpotato, #rottenpotato, #lonelypotato will not work.) Mixed with a #netcat or #msfvenom based reverse shell, we gained the root/admin flag.

Chapters:
0:00 - Stealth - Introduction
0:36 - Nmap - Network Scanning
1:58 - Powershell Based Reverse Shell
4:51 - Flag Hunting
12:16 - Windows Privilege Escalation Vector Enumeration
18:25 - PHP WebShell Uploading
19:27 - Verifying Webshell SeImpersonatePrivilege
20:42 - JuicyPotatoNG Exploitation
22:15 - MsfVenom - ReverseShell
23:43 - Msfconsole
25:05 - JuicyPotatoNG.exe in Action
25:52 - We are Root

References:
https://tryhackme.com/room/stealth (Room Link)
https://github.com/flozz/p0wny-shell (PHP reverse shell)
https://github.com/martinsohn/PowerShell-reverse-shell (Windows Reverse Shell)
https://github.com/antonioCoco/JuicyPotatoNG (Privilege Escalation Exploit)
https://github.com/itm4n/PrivescCheck (Privilege Escalation Vectors Enumeration)