TryHackMe: Road

Today we will take a look at TryHackMe: Road. Please try to understand each step and take notes. This time, our machine has an application logic vulnerability: we can access the admin panel by making small changes to the outgoing request.

Information Gathering

First of all, let’s look at the necessary information on the website.

We found an email address extension. Let’s save it.

When we press the Merchant central button, we are greeted by a panel. Let’s register.

Exploitation

When we try to upload a reverse shell as a profile photo from the settings section, we see that only the admin can do this.

When we check other sections, we see the password change section.

Let’s change our password and track the traffic with Burp.

We know the admin email address. Why not check?

And booom. Password changed. Let’s check.
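The logic flaw behind this step, as an added example that is not code from the room or from the original post. It assumes the password-change request carries the account email as a client-editable field; every account, session id and function name is hypothetical. The first handler trusts that field, the second takes the account from the session and re-checks the current password.

```python
import hashlib
import hmac
import os

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_pw(password, salt)}

def check_pw(user: dict, password: str) -> bool:
    return hmac.compare_digest(user["hash"], hash_pw(password, user["salt"]))

# Constructed sample state: two accounts and one logged-in, non-admin session.
USERS = {"admin@example.test": make_user("admin-secret"),
         "user@example.test": make_user("user-secret")}
SESSIONS = {"sess-user": "user@example.test"}  # session id -> authenticated email

def change_password_vulnerable(session_id: str, form: dict) -> bool:
    """Flawed logic: any logged-in session may name the account to update."""
    if session_id not in SESSIONS:
        return False
    target = USERS.get(form["email"])        # identity taken from the request body
    if target is None:
        return False
    target["hash"] = hash_pw(form["new_password"], target["salt"])
    return True

def change_password_fixed(session_id: str, form: dict) -> bool:
    """Hardened logic: the account comes from the session, never from the form."""
    email = SESSIONS.get(session_id)
    if email is None:
        return False
    if form.get("email", email) != email:    # tampered identifier: reject and log
        return False
    user = USERS[email]
    if not check_pw(user, form.get("current_password", "")):
        return False                         # re-authenticate before changing
    user["hash"] = hash_pw(form["new_password"], user["salt"])
    return True
```

On the server side, a rejected request whose email field differs from the session's account is worth alerting on, since a normal client never sends one.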

Now let’s try to get the reverse shell.

Let’s take a look at the response that comes back in Burp.

We found the directory. It’s time to get the reverse shell.

Perfecto

User.txt

Privilege escalation

The first thing I do when I get a shell is check for gcc. If the target machine is running, I run the CVE-2021-4034 (pwnkit) vulnerability. But of course you can find another way, such as linpeas.sh or manually.

And now we are root.

“If you have any questions or comments, please do not hesitate to write. Have a good day.”


Hello, my name is Elman. I am from Azerbaijan. I wish you a good day.
