In this video we are hacking into tryhackme's new boot2root ctf challenge - mKingdom by - [ tryhackme.com/p/uartuo ]. In this we'll make use of default creds to access dashboard for concrete cms and gain rce using php revshell and gain the initial foothold, after that we can crack mysql password hash for toad to escalate to user toad and check environment variables where we'll find mario user's base64 pass and later take advantage of writable perms over /etc/hosts file to escalate our privileges to root. Hope you'll learn something new.
[ tryhackme - tryhackme.com/r/room/mkingdom ]
⭐️ Video Contents ⭐
⌨️ 0:00 ⏩ Intro
⌨️ 0:33 ⏩ Starting Ctf
⌨️ 2:14 ⏩ Initial Enumeration (Concrete Cms)
⌨️ 7:10 ⏩ Initial Foothold on the box
⌨️ 12:30 ⏩ Cracked mysql hash for toad user
⌨️ 15:40 ⏩ Getting mario user
⌨️ 17:40 ⏩ PrivEsc To Root (Setting up SUID on bash shell)
⌨️ 26:20 ⏩ Final POVs
Follow me on social media:
● / hoodietramp
● / hoodietramp
Blog:
● blog.h00dy.me
Github:
● github.com/hoodietramp
Mastodon:
● mastodon.social/@h00dy
● defcon.social/@h00dy
● infosec.exchange/@h00dy
Join 345y🛸:
● / discord
Support This Tramp!
Donations are not required but are greatly appreciated!
💸BuyMeACoffee: buymeacoffee.com/h00dy
26 июн 2024
