TryHackMe Rootme CTF Walkthrough

  1. File extension filter bypass
  2. Reverse shell
  3. Privilege escalation (becoming root)

Enumeration: Port Scanning

First, let’s scan the IP and find out which ports are open. We can use a simple nmap command that runs the default scripts and detects the version of the software running on each port.

nmap output

Directory Brute Forcing:

Let’s check out the website by entering the IP address of the machine in the address bar.

webpage
GoBuster

File Extension Filter Bypass:

We found that there is a /panel directory; when we navigate to that page, we can see that we can upload images. This is the place where we need to observe carefully. When we try to upload .php files, they get rejected: only jpeg/gif are allowed. We need to try to bypass the filters to get a reverse shell. Two filename tricks work here:

  1. .phtml
  2. .php%00.gif

File extension bypass
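As an added defender-side example (not part of the original walkthrough), here is a Python upload validator that closes the gaps the two tricks above exploit: it URL-decodes the filename before checking it so a %00 cannot hide the real extension, allowlists only the final extension (so .phtml fails), rejects a server-side extension hidden in the middle of the name, and verifies the file signature instead of trusting the name. The function name, the allowlist and the sample inputs are assumptions for illustration.

```python
import os
from typing import Tuple
from urllib.parse import unquote

# Image types the upload form is meant to accept (assumed allowlist).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "gif"}
# Extensions the web server may hand to the PHP interpreter; these must never
# appear anywhere in the name, not even as a middle extension (shell.php.gif).
SERVER_SIDE_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "phps"}
# Leading bytes (file signatures) of the accepted image formats.
MAGIC_BYTES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def is_allowed_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (allowed, reason) for an uploaded file name and body."""
    # Decode first: a filter that checks the raw string sees "%00.gif", while
    # the filesystem or PHP layer later truncates at the NUL and keeps "shell.php".
    name = unquote(filename)
    if "\x00" in name:
        return False, "null byte in filename"
    # Drop any directory component the client smuggled into the name.
    name = os.path.basename(name.replace("\\", "/"))
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension"
    exts = parts[1:]
    # The final extension decides how the server executes the file, so it must
    # be on the allowlist; ".phtml" is not jpeg/gif and is rejected here.
    if exts[-1] not in ALLOWED_EXTENSIONS:
        return False, f"extension .{exts[-1]} not allowed"
    # Some Apache configurations match "php" anywhere in a multi-extension name.
    if any(e in SERVER_SIDE_EXTENSIONS for e in exts[:-1]):
        return False, "server-side extension in filename"
    # Do not trust the name alone: the body must carry the claimed image signature.
    if not content.startswith(MAGIC_BYTES[exts[-1]]):
        return False, "content does not match image signature"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads: the two tricks from the walkthrough and a real GIF.
    for name, body in [("shell.phtml", b"<?php"), ("shell.php%00.gif", b"GIF89a"),
                       ("cat.gif", b"GIF89a\x01\x00\x01\x00")]:
        print(name, is_allowed_upload(name, body))
```

Storing the accepted file under a server-generated name, rather than the client's, removes the filename from the attack surface entirely.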

Reverse Shell:

Now navigate to the page where your code is uploaded and reload it. You will find that… you got a reverse shell in the terminal.

Reverse Shell

Privilege Escalation:

This is the most important and trickiest part of the whole process. We need to escalate our privileges and become the root user. For that we need to check for files with SUID permissions, using the following command:
