TryHackMe TOC2 Walkthrough | Full Exploit: CMS Made Simple, Reverse Shell, Race Condition PrivEsc
#tryhackme #pentesting #cybersecurity

Welcome back to another full ethical hacking walkthrough! In this video, I take you step-by-step through the TryHackMe TOC2 room — from initial enumeration to full root compromise. This detailed guide shows every technique used to pwn the machine, including:

🔍 1. Enumeration (Nmap Scan)
- OpenSSH 7.6p1 on port 22
- Apache HTTP 2.4.29 on port 80
- robots.txt leak exposing CMS installation
- CMS credentials discovered in the HTML page
- Database name identified via robots.txt

🌐 2. CMS Made Simple Exploitation
- Accessing the CMS installer
- Completing CMS Made Simple setup using leaked credentials
- Uploading a PHP reverse shell via the File Manager
- Getting a shell as www-data

🔑 3. Privilege Escalation (www-data → frank)
- Discovering frank's plaintext password
- Switching user with su frank

⚙️ 4. SUID Binary Exploit (Race Condition)
- Analyzing the vulnerable readcreds C code
- Compiling and running rename.c exploit
- Race condition abuse to read root_password_backup
- Retrieving root password: root:aloevera

👑 5. Root Access
- Logging in as root
- Reading root.txt and completing the room

This video is ideal for learners practicing:
- Linux privilege escalation
- Web exploitation
- CMS Made Simple vulnerabilities
- Race condition attacks
- TryHackMe CTF methodology

If you find the video helpful, don’t forget to Like, Comment, and Subscribe for more cybersecurity walkthroughs!

#TryHackMe #CTF #EthicalHacking #CyberSecurity #PrivilegeEscalation #LinuxExploitation #ReverseShell #PenTesting #CMSMadeSimple #BugBounty