CERTain Doom TryHackMe Walkthrough | Hard
HTML-код
- Опубликовано: 8 окт 2024
- In this video we are solving tryhackme's new CTF Challenge CERTain Doom [ tryhackme.com/... ]. It's a hard level box, which begins by discovering an arbitrary file upload vulnerability and combining it with CVE-2020-9484 in Apache Tomcat 9 to gain a shell within a docker container and obtaining the first flag. Using the container to scan for internal hosts, we identified two hosts and an internal service with one running the front-end and one running the back-end for it, we pivot using ligolo-ng and setup a tunnel proxy. The service manages documents and by logging into it with predictable credentials, we found a chat log and downloading it, discovered the second flag. After that, using the psychic signatures vulnerability to forge a JWT for another user, we discovered a hidden file belonging to the user and downloading it, we obtained the third flag. Hope you learned something new 🙏🚀❤️
Psychic Signature Ref - [ github.com/Dat... ]
Follow me on social media:
● / hoodietramp
● / hoodietramp
Blog:
● blog.h00dy.me
Github:
● github.com/hoo...
Mastodon:
● mastodon.socia...
● defcon.social/...
● infosec.exchan...
Join 345y🛸:
● / discord
Support This Tramp!
Donations are not required but are greatly appreciated!
💸BuyMeACoffee: buymeacoffee.c...
#tryhackme #ctf #boot2root #redteam #walkthrough #pentesting
Join my discord server - discord.h00dy.me
yessss
i like the way you have a alias for most time consuming commands
@@hyphen686 I do have a video on that (:
@@hoodietramp i ll surely check that. thanks
🔥
Hi thanks for the room. Basic question but what clipboard history software do you use?
@@channly xfce4-clipman, in windows i use copyQ
@@hoodietramp Thanks a lot!
Mast ha
💥
h00dy saves me everytime
nahi to meri G lag gayi thi iss room me
🤣glad bro