TryHackMe | Jason Room Walkthrough [Voice | Explained]
00:00 - Intro
00:10 - Nmap
00:55 - Enumerating via the web browser and taking a look at what the web app is doing.
03:06 - Analyzing requests and cookies with Burp Suite tells us about serialization.
06:18 - Searching for public exploits and trying out one RCE PoC available on exploit-db.
09:23 - Exploits failed, so we try to debug the program by analyzing the request with Burp Suite.
11:38 - The public RCE exploit does not work, so we move on to find another way and come across a blog post on going from a deserialization bug to RCE.
12:12 - Trying to execute the `ls` command fails.
13:15 - Trying to get a ping back on our machine from the target machine using the deserialization bug fails.
15:19 - Got the ping back after self-invoking the function in the serialized string.
16:13 - Getting the reverse shell back!
17:26 - Got the shell back, analyzing the `server.js` file.
20:32 - Finding potential ways of privilege escalation.
21:40 - Abusing sudo binary to get root on the box.

Write-up: https://noobtech.pro/writeup/tryhackme/jason-write-up/

Exploiting a Node.js web app that is vulnerable to deserialization, which gives us a reverse shell back, followed by sudo binary privilege escalation.

Join the Discord server for frequent giveaways and resources. You can help me keep running these giveaways via Patreon.

Patreon: https://www.patreon.com/TechMafia
Discord: https://discord.gg/jwqyjtBtaD