In this video, we are going to be solving TryHackMe's new easy CTF challenge U.A. High School [ https://tryhackme.com/r/room/yueiua ], based on the anime My Hero Academia. We begin with a basic nmap scan and find just two ports open: SSH, and on port 80 a high school website hosted with Apache2. We fuzz directories using gobuster and dirsearch and end up on an endpoint that gives us RCE on the box; we could have found that parameter using a tool like Arjun, but here dirsearch did the job for us too. After getting a shell as the www-data user, we find a JPG image file with the deku user's creds hidden inside. We first transfer that JPG over to our box, fix the magic bytes of the JPG file, and extract the credentials using steghide / stegseek. Logged in as deku on the box, we find we can run a feedback.sh script with sudo permissions; feedback.sh accepts user input and runs it with eval, so we cat the root flag by specifying the command in the /etc/crontab file. Hope you learned something new 🙏🚀❤️
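The "fix the magic bytes" step above is a small forensic repair: the image's Start Of Image marker was damaged, so stego tools refused to parse it. As an added example (not the video's own script), here is a Python checker and repairer for the JPEG header; the sample bytes are constructed, not taken from the room.

```python
#!/usr/bin/env python3
"""Inspect and repair the JPEG magic bytes (SOI marker) of a file.

Added example for the header-fixing step in the walkthrough. Not the
video's own code; BROKEN_SAMPLE is a constructed stand-in for the image.
"""
from pathlib import Path

JPEG_SOI = b"\xff\xd8\xff"   # Start Of Image marker every JPEG begins with
JPEG_EOI = b"\xff\xd9"       # End Of Image marker every JPEG ends with


def inspect_jpeg(data: bytes) -> dict:
    """Report whether the header and trailer look like a JPEG."""
    return {
        "soi_ok": data[:3] == JPEG_SOI,
        "eoi_ok": data.endswith(JPEG_EOI),
        # Marker byte following SOI, e.g. "e0" for APP0/JFIF, "e1" for APP1/Exif
        "app_marker": data[3:4].hex() if len(data) > 3 else "",
    }


def repair_jpeg_header(data: bytes) -> bytes:
    """Overwrite the first three bytes with the SOI marker if they are wrong.

    Only the marker is rewritten; the rest of the file is untouched, so a file
    damaged beyond the header still needs manual work.
    """
    if data[:3] == JPEG_SOI:
        return data
    if len(data) < 4:
        raise ValueError("file too short to be a JPEG")
    return JPEG_SOI + data[3:]


def repair_file(path: Path) -> bool:
    """Fix the header in place; return True if the file was changed."""
    original = path.read_bytes()
    fixed = repair_jpeg_header(original)
    if fixed != original:
        path.write_bytes(fixed)
        return True
    return False


# Constructed sample: a JPEG whose first three bytes were clobbered with "ABC",
# followed by an APP0/JFIF segment, filler, and a valid EOI trailer.
BROKEN_SAMPLE = b"ABC" + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 16 + JPEG_EOI

if __name__ == "__main__":
    print(inspect_jpeg(BROKEN_SAMPLE))
    print(inspect_jpeg(repair_jpeg_header(BROKEN_SAMPLE)))
```

Run `file` on the image before and after: a clobbered header shows up as "data" rather than "JPEG image data", which is the quickest tell that this step is needed.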
Medium blog post for dirsearch - [ https://medium.com/@nithissh/a-story-of-default-wordlist-in-dirsearch-to-20k-inr-bounty-8b788bc5c70b ]
Follow me on social media:
● https://twitter.com/hoodietramp
Github:
● https://github.com/hoodietramp
Support This Tramp!
Donations are not required but are greatly appreciated!
💸Ko-Fi: https://ko-fi.com/h00dy
#tryhackme #ctf #boot2root #redteam #walkthrough #pentesting