TryHackMe! RootMe - Uploading Shells & SUID // CTF (Easy) 

Jon Good

Are you trying to solve the RootMe room on the TryHackMe ethical hacking training platform?
** DISCLAIMER: DO NOT ATTEMPT THE TECHNIQUES FROM THIS VIDEO ON SYSTEMS THAT YOU ARE NOT AUTHORIZED TO DO SO. THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. **
Join this channel to get access to perks:
/ @jongoodcyber
Make sure to subscribe so you don't miss new content!
/ @jongoodcyber
Looking to start a career in Information Security, Cyber Security, or Information Assurance? Check out all these resources to Get Started! www.jongood.com/getstarted/
Need CAREER COACHING or CONSULTING Services? www.jongood.com/services/
RootMe Quick Information:
-FREE
-CTF Room
-Easy Rating
-Linux Operating System
Join me as we walk through defeating the RootMe room on the TryHackMe platform. TryHackMe is an ethical hacking training platform that provides training and lab environments to improve your cyber security skills.
-Recommended ethical hacking books: www.amazon.com/shop/jongood?l...
-TryHackMe: tryhackme.com/
Blog Post: www.jongood.com/tryhackme-roo...
DISCLAIMER: You should never practice any of the skills learned through the platform or in this video without official written consent from system and network owners.
#TryHackMe #RootMe #EthicalHacking

Science

Published: 19 Aug 2021

Comments: 27
@brighter_cyber1887 2 years ago
Hi Jon, really enjoyed the CTF content. Would enjoy seeing some more in future.
@JonGoodCyber 2 years ago
Awesome, thank you!
@Shag_E 2 years ago
Coincidentally, I was working on a beginner CTF on THM when this video dropped. I was stuck at the end and had to look up a command that was mentioned, sudo -l. And I was stuck on this for a good while 😅 If I would’ve watched this first I could’ve finished it a lot sooner.
@JonGoodCyber 2 years ago
Bummer! Well I'm glad that I will at least help other people in a similar situation.
@estefy2114 2 years ago
Hi John, can you do more videos like this? What else do you suggest one does to improve cybersecurity skills? Thanks, Estefy
@patm8251 2 years ago
I also think that if he does many videos on this, it will be great!
@JonGoodCyber 2 years ago
Absolutely! I recommend grabbing a free copy of my eBook ( www.jongood.com/getstarted/ ) where I go into more detail about skills that you should develop.
@JohnSmith-wp6xm 2 years ago
I’m new to this. Can you explain why the python folder is considered weird? Thanks
@JonGoodCyber 2 years ago
This video isn't really meant to dive deep into the why but if you want to learn more you will want to research SUID and Python. At a high level, typically programming languages like Python have the ability to interact with the operating system and can be abused if permissions aren't very strict.
@accesscodetony1740 2 years ago
Why was the python path considered weird?
@JonGoodCyber 2 years ago
With less experienced hackers, being able to use a programming language like Python to privilege escalate is not usually one of the first things that comes to mind. It's not that we don't see those types of security vulnerabilities but typically other application or system misconfigurations, and vulnerable software versions tend to be the types of attack vectors we think of most commonly. Like anything, as your knowledge evolves, you start to identify some of these seemingly innocent paths.
@viktoriodenkov2046 2 years ago
More videos like this please
@JonGoodCyber 2 years ago
I'm glad that you enjoyed the video and thank you for the feedback!
@digitalturan 4 months ago
Why is Python considered an interesting or weird file? Is there any reason for that? And should we know the Python command by heart, or is GTFOBins our best friend?
@JonGoodCyber 4 months ago
Although certainly not a video diving deep into the reasons why it's interesting, I highly recommend researching vulnerabilities in Python that you can exploit to help you in your journey. There's no rule in this career field that you have to memorize commands or usage syntax, but you should know where to find them.
@daddyfatsack68 10 months ago
I did basically the same thing, but when I run nc and click on shell.php5, nothing happens. The webpage loads and says "warning failed to daemonise, this is quite common and not fatal". I tried everything and idk how to get past it.
@JonGoodCyber 10 months ago
"Basically doing the same thing" doesn't sound like you did it exactly as shown. I recommend performing the demonstrated steps and seeing if that works. You can also check the TryHackMe discussion forums if it's a particular issue that isn't covered and still exists.
@drake0xF 4 months ago
Probably in shell.php you wrote the machine IP, not the OpenVPN IP.
@lilham9044 5 months ago
He really didn't explain a lot in this video, like how did you use 2> to find a file and how the heck was that Python file weird out of all those files?
@JonGoodCyber 5 months ago
The scope of this video was to show you how to complete the tasks successfully, not necessarily to break down super technical details. You have the answers, so now it's crucial to improve your research skills to dive deeper into those answers.
@cziegl3r 2 years ago
Waka Flocka Flame
@JonGoodCyber 2 years ago
I'm glad that you enjoyed the video!
@SilentCreepa22 7 months ago
How the heck did you know what wordlist to use?!
@JonGoodCyber 7 months ago
CTFs tend to stick with common lists, but sometimes you just need to try different lists to see what works. It's very uncommon for a lab or CTF to use a list that is not widely available because the point is to see if you know what you're doing process-wise and not necessarily if you have some secret list.
@SilentCreepa22 7 months ago
@JonGoodCyber OH!!! So at the risk of sounding like a novice, is there a list somewhere OR does this just come with experience 🤔
@JonGoodCyber 7 months ago
@SilentCreepa22 Several lists are preloaded in Kali. You can also download lists or create your own if you want.