🏷🏷 Publisher TryHackMe CTF walk through 🏷🏷
HTML-код
- Опубликовано: 18 сен 2024
- Test your enumeration skills on this boot-to-root machine.
CVE-2023-27372 / SPIP publishing system
🏷 room link: tryhackme.com/...
The "Publisher" CTF machine is a simulated environment hosting some services. Through a series of enumeration techniques, including directory fuzzing and version identification, a vulnerability is discovered, allowing for Remote Code Execution (RCE). Attempts to escalate privileges using a custom binary are hindered by restricted access to critical system files and directories, necessitating a deeper exploration into the system's security profile to ultimately exploit a loophole that enables the execution of an unconfined bash shell and achieve privilege escalation.
🏷 script used:
github.com/nut...
#tryhackme
Please subscribe to get the latest videos www.youtube.com/@djalilayed
nice video
Thanks for the visit and support
بارك الله فيك
Thank you
Hello, at 25:00 you copy the bash binary to your directory, without doing that it doesn't work. But why ? What is the difference between /bin/bash and /dev/shm/bash ?
im having trouble with ssh, when i use -i key.txt, i get the following: load key "key.txt": error in lib crypto
how do i fix this
its possible the format of the key.txt, make sure the format is correct, and also chmod 600 key.txt, file also should not have any space at the end, verify the key with ssh-keygen -l -f key.txt. Are you using tryhackme attackbox?
@@djalilayed no I am using my kali linux machine, i will tey verifying the key