TryHackMe - Red

This a is a video walk-through of TryHackMe's Red. If you prefer a written walk-through, you can find it here: https://readysetexploit.gitlab.io/home/thm/red/ Buy Me A Coffee :) https://www.buymeacoffee.com/hadrian3689 0:00 Intro 1:35 Nmap scan 3:15 Reviewing Website 4:50 Trying for Local File Inclusion 6:40 Using PHP wrappers to read files. It works! 9:20 Using LFIHunter to read files 11:45 Finding blue's history file 14:30 Building password list 16:00 SSH access as blue 16:50 We get a message from red 18:00 Finding a reverse shell process by red 19:45 Looking into Pspy. Red kills our session 21:10 Showing a simple bypass to avoid messages and kick out 22:10 Trying another bypass but it didn't work 24:00 Running Pspy and finding reverse shell cronjob 25:20 Showing how messages are being sent 26:10 Reviewing the host files and trying to edit the hostname 29:30 Made a mistake on the hostfile 34:10 Fixed my mistake and getting a reverse shell as red 35:55 Finding odd pkexec binary 36:50 Reviewing PwnKit exploit 37:55 Using a Python Pwnkit exploit to get root EXTRA 41:05 Reviewing Red's defense mechanisms