TryHackMe: RootMe Write-up

InfoSec Write-ups – Medium

Beginner Level CTF

This is a write-up of RootMe, a THM beginner-level challenge. Without any delay, let’s connect to our THM OpenVPN network and start hacking!!!

Task 1 Deploy the machine

Deploy the machine, and you will get your machine IP address. Your machine takes at least 2 mins to set up.

Task 2 Reconnaissance

1. Scan your network using Nmap.

nmap -A <machine-ip>

Nmap scan results

2. There are two open ports. Let us see what is on the HTTP port (80).

3. It is just a static page. Let’s enumerate the site’s directories with the Gobuster tool.

gobuster dir -u http://<machine-ip> -w 'wordlist'

4. Open the path that you found. It is an upload portal. Let us try uploading a PHP reverse shell.

Upload page

Task 3 Getting a shell

1. We found something interesting. Let’s try uploading a PHP reverse shell. You can find one here.

2. Before uploading, change the IP address to your system IP and set the port. Also, check whether the extension of your file is .php5 to get new features of PHP.

3. At the same time, open a new terminal and listen on port 1234 using Netcat.

nc -lvp 1234

4. We successfully got our shell.

5. Find the path of the “user.txt” file.

find -name 'user.txt'

6. Blast!!! We got our first flag.

user.txt flag

Task 4 Privilege escalation

1. Let’s escalate further to get the root flag. We can use LinPEAS for privilege escalation. You can start a Python local server or apache2 and download the file into the machine shell.

Downloading the linpeas.sh file in machine shell through hosted apache server

2. Make the file executable and run it.

LinPEAS.sh scan

3. Through Python, we can get into the root directory.

python -c 'print(open("/root/root.txt").read())'

root.txt flag

It was fun doing this challenge. I hope everyone learned something new :)


TryHackMe: RootMe Write-up was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
