Root Me — TryHackMeArt of Escalation
Welcome back amazing hackers in this blog I came with another interesting topic RootMe walkthrough which is based on file upload and gaining shell find the flags.
Without wasting time let's get into the walkthrough. Firstly I perform a Nmap scan whether any useful information was obtained or not.
I had two open ports which were ports 22 and 80 opened. Then I opened 80 on the browser which was not interesting information.
I use the Gobuster tool for any hidden directory or some useful directories.
Then I find useful directories such as /uploads and /panel.
I redirected to /panel directory in a browser and checked out information and I saw one upload functionality there. I took PHP-reverse shell.php and modify the IP with my IP and I change the port number and started listening to Netcat.
nc -lvnp 4444
I Upload the PHP-reverse-shell.php but unfortunately couldn’t work.
So I refer to some bypassing techniques from googling it made me bypassed.
Instead of .php i use .phtml extension.
Then I navigated to /uploads location and I clicked the file Vola!!!