TryHackMe - Blog (No Metasploit)

Published: 24 March 2025
on channel: ReadySetExploit

This is a video walk-through of TryHackMe's Blog. If you prefer a written walk-through, you can find it here:
https://readysetexploit.gitlab.io/hom...

Buy Me A Coffee :)
https://www.buymeacoffee.com/hadrian3689

Desktop Background made by Gian M:
https://giancarlomedina.carbonmade.com/

WordPress Crop-Image exploit:
https://github.com/hadrian3689/wordpr...

Chapters:
0:00 Intro
0:50 Start of Nmap scan
2:15 Reviewing Nmap results
3:00 Looking at Samba
4:05 Looking at the WordPress site
4:50 Finding usernames on the site
6:00 Using WPScan to enumerate site
7:30 Using WPScan to brute-force passwords
8:15 Finding valid credentials
9:10 Logging in to Admin Dashboard
10:10 Looking for WordPress version exploits
11:35 Reviewing blog post on Crop Image exploit
13:00 Using my GitHub repository to drop backdoor
15:35 Backdoor dropped, getting reverse shell
18:00 Enumerating server, finding strange SUID
19:00 Checker SUID wants an environmental variable
20:00 Environmental Hijacking
22:22 Getting root
EXTRA
23:20 Using Ghidra to de-compile binary