TryHackMe: Road

Today we will take a look at TryHackMe: Road. Please try to understand each step and take notes. This time, our machine has an application logic vulnerability: we can access the admin panel by making small changes to the outgoing request.

Information Gathering

First of all, let’s look at the necessary information on the website.

We found an email address extension. Let’s save it.

When we press the Merchant central button, we are greeted by a panel. Let’s register.

Exploitation

When we try to upload a reverse shell as a profile photo from the settings section, we see that only the admin is allowed to do this.

When we check other sections, we see the password change section.

Let’s change our password and watch the traffic with Burp.

We know the admin email address. Why not check?

And boom. Password changed. Let’s check.
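The flaw used above comes down to a password-change handler that lets the request decide whose password is updated. The sketch below is an added example, not code from the room or from the original post: it assumes the request carries the account's email as a form field, as the steps above suggest, and the field names (`email`, `new_password`, `current_password`), the session model and the in-memory store are all hypothetical.

```python
# Added example: toy in-memory account store; every name here is hypothetical.
import hashlib
import hmac
import os

USERS = {}      # email -> (salt, password hash)
SESSIONS = {}   # session token -> email of the logged-in account


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(email, password):
    salt = os.urandom(16)
    USERS[email] = (salt, _hash(password, salt))


def login(email, password):
    salt, stored = USERS[email]
    if not hmac.compare_digest(stored, _hash(password, salt)):
        return None
    token = os.urandom(16).hex()
    SESSIONS[token] = email
    return token


def change_password_vulnerable(token, form):
    """Flawed logic: checks that *someone* is logged in, then trusts the
    email field from the request body to pick the account to update."""
    if token not in SESSIONS:
        return 401
    register(form["email"], form["new_password"])  # overwrites that account
    return 200


def change_password_fixed(token, form):
    """The account comes from the server-side session, the current password
    is re-verified, and a mismatching email field is rejected (and loggable)."""
    email = SESSIONS.get(token)
    if email is None:
        return 401
    if form.get("email", email) != email:
        return 403
    salt, stored = USERS[email]
    supplied = _hash(form.get("current_password", ""), salt)
    if not hmac.compare_digest(stored, supplied):
        return 403
    register(email, form["new_password"])
    return 200
```

A 403 from the mismatch branch is also a useful detection signal: a logged-in session submitting a password change for a different account should never happen in normal use.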

Now let’s try to get a reverse shell.

Let’s take a look at the response that comes back in Burp.

We found the directory. It’s time to get the reverse shell.

Perfecto

User.txt

Privilege escalation

The first thing I do when I get a shell is check for gcc. If the target machine is running, I run the CVE-2021-4034 (pwnkit) vulnerability. But of course you can find another way, such as linpeas.sh or manually.

And now we are root.

“If you have any questions or comments, please do not hesitate to write. Have a good day.”

Hello, my name is Elman. I am from Azerbaijan. I wish you a good day.
