TryHackMe 0day

This is a video walk-through of TryHackMe's 0day. If you prefer a written walk-through. You can find it here: https://readysetexploit.gitlab.io/home/thm/0day/ Buy Me A Coffee :) https://www.buymeacoffee.com/hadrian3689 Intro: 0:00 Intro 1:00 Reviewing Nmap results 2:50 Reviewing Web Site 3:38 Running Gobuster and examining directories 5:57 The backup directory has a SSH key, rabbit hole 8:50 Looking at the cgi-bin directory points us to Shellshock 11:55 Finding what kind of scripts to look for 12:45 Finding the cgi script, begin Shellshock exploit 15:36 Shellshock vulnerability confirmed 17:42 Using Burp to also test Shellshock 18:27 Getting reverse shell on target 21:40 Doing basic privilege escalation enumeration 23:40 Finding that the machine is running an outdated Linux Kernel 25:51 Finding kernel exploit 27:04 Downloading exploit and transferring to victim's machine 28:08 Compiling exploit, running into error 29:08 Finding error is due to a PATH issue 30:39 PATH issued fixed, compiled exploit and getting root EXTRA 32:13 Running Nikto to see if it finds the Shellshock vulnerability 34:00 Getting root reverse shell and dropping root SSH keys 35:25 Nikto does find Shellshock vulnerability