CERTain Doom TryHackMe Walkthrough | Hard

Поделиться
HTML-код
  • Опубликовано: 8 окт 2024
  • In this video we are solving tryhackme's new CTF Challenge CERTain Doom [ tryhackme.com/... ]. It's a hard level box, which begins by discovering an arbitrary file upload vulnerability and combining it with CVE-2020-9484 in Apache Tomcat 9 to gain a shell within a docker container and obtaining the first flag. Using the container to scan for internal hosts, we identified two hosts and an internal service with one running the front-end and one running the back-end for it, we pivot using ligolo-ng and setup a tunnel proxy. The service manages documents and by logging into it with predictable credentials, we found a chat log and downloading it, discovered the second flag. After that, using the psychic signatures vulnerability to forge a JWT for another user, we discovered a hidden file belonging to the user and downloading it, we obtained the third flag. Hope you learned something new 🙏🚀❤️
    Psychic Signature Ref - [ github.com/Dat... ]
    Follow me on social media:
    ● / hoodietramp
    ● / hoodietramp
    Blog:
    ● blog.h00dy.me
    Github:
    ● github.com/hoo...
    Mastodon:
    ● mastodon.socia...
    ● defcon.social/...
    ● infosec.exchan...
    Join 345y🛸:
    ● / discord
    Support This Tramp!
    Donations are not required but are greatly appreciated!
    💸BuyMeACoffee: buymeacoffee.c...
    #tryhackme #ctf #boot2root #redteam #walkthrough #pentesting

Комментарии • 15

  • @hoodietramp
    @hoodietramp  20 дней назад +1

    Join my discord server - discord.h00dy.me

  • @hyphen686
    @hyphen686 20 дней назад

    i like the way you have a alias for most time consuming commands

    • @hoodietramp
      @hoodietramp  20 дней назад

      @@hyphen686 I do have a video on that (:

    • @hyphen686
      @hyphen686 19 дней назад +1

      @@hoodietramp i ll surely check that. thanks

  • @MatSec
    @MatSec 20 дней назад

    🔥

  • @channly
    @channly 4 дня назад

    Hi thanks for the room. Basic question but what clipboard history software do you use?

    • @hoodietramp
      @hoodietramp  4 дня назад +1

      @@channly xfce4-clipman, in windows i use copyQ

    • @channly
      @channly 4 дня назад

      @@hoodietramp Thanks a lot!

  • @localh0ste
    @localh0ste 20 дней назад

    Mast ha

  • @cr0wdedroom
    @cr0wdedroom 20 дней назад

    💥

  • @LowSpecBro
    @LowSpecBro 20 дней назад

    h00dy saves me everytime
    nahi to meri G lag gayi thi iss room me

Следующие
Автовоспроизведение
Hack Smarter Security -- TryHackMe - [Official Walkthrough!]1:14:11Hack Smarter Security -- TryHackMe - [Official Walkthrough!]
Hack Smarter Security -- TryHackMe - [Official Walkthrough!]Tyler Ramsbey || Hack Smarter
Просмотров 3,4 тыс.
DX2: Hell's Kitchen TryHackMe Walkthrough | Hard54:41DX2: Hell's Kitchen TryHackMe Walkthrough | Hard
DX2: Hell's Kitchen TryHackMe Walkthrough | Hardh00dy
Просмотров 432
I Live For This S*** | Mr. Robot4:00I Live For This S*** | Mr. Robot
I Live For This S*** | Mr. RobotMr. Robot
Просмотров 1,5 млн
New McLaren W1 Revealed: The HOLY TRINITY is BACK!09:11New McLaren W1 Revealed: The HOLY TRINITY is BACK!
New McLaren W1 Revealed: The HOLY TRINITY is BACK!carwow
Просмотров 928 тыс.
STRANDED by Hurricane Helene15:41STRANDED by Hurricane Helene
STRANDED by Hurricane HeleneJustin Rhodes
Просмотров 301 тыс.
Welcome To Puzzle Park13:22Welcome To Puzzle Park
Welcome To Puzzle ParkSMG4
Просмотров 1 млн
INSANE! 1ST Online Ranked Match! - Dragon Ball Sparking Zero37:25INSANE! 1ST Online Ranked Match! - Dragon Ball Sparking Zero
INSANE! 1ST Online Ranked Match! - Dragon Ball Sparking ZeroAfroSenju XL
Просмотров 544 тыс.
They Say This Malware is INSANE51:48They Say This Malware is INSANE
They Say This Malware is INSANEJohn Hammond
Просмотров 36 тыс.
Live Bug Boundy Hunting | Target: Udemy | HackerOne | Html injection #hackerone #bugbounty #bugcrowd17:43Live Bug Boundy Hunting | Target: Udemy | HackerOne | Html injection #hackerone #bugbounty #bugcrowd
Live Bug Boundy Hunting | Target: Udemy | HackerOne | Html injection #hackerone #bugbounty #bugcrowdZodiac
Просмотров 15 тыс.
When you Accidentally Compromise every CPU on Earth15:59When you Accidentally Compromise every CPU on Earth
When you Accidentally Compromise every CPU on EarthDaniel Boctor
Просмотров 843 тыс.
Decrypting SSL to Chinese Cloud Servers - Hacking the VStarcam CB73 Security Camera19:45Decrypting SSL to Chinese Cloud Servers - Hacking the VStarcam CB73 Security Camera
Decrypting SSL to Chinese Cloud Servers - Hacking the VStarcam CB73 Security CameraMatt Brown
Просмотров 286 тыс.
DEF CON 32 - Disenshittify or die! How hackers can seize the means of computation - Cory Doctorow49:50DEF CON 32 - Disenshittify or die! How hackers can seize the means of computation - Cory Doctorow
DEF CON 32 - Disenshittify or die! How hackers can seize the means of computation - Cory DoctorowDEFCONConference
Просмотров 139 тыс.
A Legendary Web Framework is Reborn... In Rust9:49A Legendary Web Framework is Reborn... In Rust
A Legendary Web Framework is Reborn... In RustCode to the Moon
Просмотров 55 тыс.
DHH - Ruby on Rails, 37signals, and the future of web development1:09:57DHH - Ruby on Rails, 37signals, and the future of web development
DHH - Ruby on Rails, 37signals, and the future of web developmentdevtools-fm
Просмотров 29 тыс.
how is this hacking tool legal?11:42how is this hacking tool legal?
how is this hacking tool legal?Low Level
Просмотров 226 тыс.
DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK40:31DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖK
DEF CON 31 - Weaponizing Plain Text ANSI Escape Sequences as a Forensic Nightmare - STÖKDEFCONConference
Просмотров 91 тыс.
Harley Quinn is amazing. #cosplay #joker#Harriet Quinn00:11Harley Quinn is amazing. #cosplay #joker#Harriet Quinn
Harley Quinn is amazing. #cosplay #joker#Harriet Quinn佐助与鸣人
Просмотров 7 млн
Eccentric painful massage and chiropractic adjustment for Christina #chiropractor00:10Eccentric painful massage and chiropractic adjustment for Christina #chiropractor
Eccentric painful massage and chiropractic adjustment for Christina #chiropractorDr. Chiro
Просмотров 570 тыс.
would you eat this? #shorts00:13would you eat this? #shorts
would you eat this? #shortsZach Choi ASMR
Просмотров 4,7 млн
Где он прячется? Дома и квартиры Путина и Кабаевой23:12Где он прячется? Дома и квартиры Путина и Кабаевой
Где он прячется? Дома и квартиры Путина и КабаевойНавальный LIVE
Просмотров 467 тыс.
А вам что больше запомнилось? (Трек: POLI - Котик)00:10А вам что больше запомнилось? (Трек: POLI - Котик)
А вам что больше запомнилось? (Трек: POLI - Котик)POLI
Просмотров 666 тыс.
Арестович: Почему не будет Саммита мира? Сбор для военных👇1:30:21Арестович: Почему не будет Саммита мира? Сбор для военных👇
Арестович: Почему не будет Саммита мира? Сбор для военных👇Alexey Arestovych
Просмотров 446 тыс.
Car vs bike. Which one won? (Epic fail to broke both of tapes) 😆 🏎️ Kaukonen00:24Car vs bike. Which one won? (Epic fail to broke both of tapes) 😆 🏎️ Kaukonen
Car vs bike. Which one won? (Epic fail to broke both of tapes) 😆 🏎️ KaukonenStunt Freaks Team
Просмотров 1,4 млн
Я СДЕЛАЛ ГИГАНТСКИЕ ЖЕЛЕЙНЫЕ РОЛЛЫ ВЕСОМ 160 КИЛОГРАММ21:06Я СДЕЛАЛ ГИГАНТСКИЕ ЖЕЛЕЙНЫЕ РОЛЛЫ ВЕСОМ 160 КИЛОГРАММ
Я СДЕЛАЛ ГИГАНТСКИЕ ЖЕЛЕЙНЫЕ РОЛЛЫ ВЕСОМ 160 КИЛОГРАММvanzai
Просмотров 1 млн