[THM] Root Me

This room was developed by ReddyyZ for Try Hack Me and is rated as easy. You can check the room by clicking here.

Let’s kick it off with an initial port scan.

Initial NMap scan

Running gobuster against the website there are two interesting directories found.

Gobuster

Checking the panel directory we uncover an upload form.

Upload form

Open burpsuite and capture the request for when you upload a file. Send the request to intruder and use a set of extensions to try to bypass the upload form.

Bypassing upload form extension check

Checking the upload directory you’ll see a bunch of files that were successfully uploaded. Start a listener and check which one will send a connection to the listener (in my case was the .php5 extension file).

Gaining reverse shell

Download and execute linux smart enumeration. SUID bit is set for python so we can abuse that to gain a privileged shell.

Privilege escalation

It was a simple and easy but fun room to do. Hope you guys learned something new.