TryHackMe - Red
This a is a video walk-through of TryHackMe's Red. If you prefer a written walk-through, you can find it here: https://readysetexploit.gitlab.io/hom...
Buy Me A Coffee :)
https://www.buymeacoffee.com/hadrian3689
0:00 Intro
1:35 Nmap scan
3:15 Reviewing Website
4:50 Trying for Local File Inclusion
6:40 Using PHP wrappers to read files. It works!
9:20 Using LFIHunter to read files
11:45 Finding blue's history file
14:30 Building password list
16:00 SSH access as blue
16:50 We get a message from red
18:00 Finding a reverse shell process by red
19:45 Looking into Pspy. Red kills our session
21:10 Showing a simple bypass to avoid messages and kick out
22:10 Trying another bypass but it didn't work
24:00 Running Pspy and finding reverse shell cronjob
25:20 Showing how messages are being sent
26:10 Reviewing the host files and trying to edit the hostname
29:30 Made a mistake on the hostfile
34:10 Fixed my mistake and getting a reverse shell as red
35:55 Finding odd pkexec binary
36:50 Reviewing PwnKit exploit
37:55 Using a Python Pwnkit exploit to get root
EXTRA
41:05 Reviewing Red's defense mechanisms
