TryHackMe is an online platform that teaches Cybersecurity through hands-on virtual labs. Whether you are an expert or beginner, learn through a virtual room structure to understand theoretical and practical security elements.
Inclusion is an easy room on TryHackMe for beginners to explore.
You have to first signup to join the room. There are few simple steps that you can follow in the Signup page. Next follow the steps in the Welcome room to configure the VPN connectivity.
I have connected to TryHackMe network using OpenVPN on Kali Linux. Once you connect, the access page will confirm the status by confirming your IP address and status.
Join the room to access it's contents.
Click on Deploy to start the Vulnerable target machine.
The IP address of the target is displayed.
Start Enumeration using nmap. The -sV option will do a service fingerprinting too.
We can see that the nmap scan has revealed that port 22 and port 80 are open. Click on submit for the task#1 on TryHackMe. No answer is need for this.
Explore the http service by entering the IP in the web browser.
It is a blog which explains about hacking concepts like LFI and RFI. Click on View details under hacking this world section and notice that the address bar will display the page name as a parameter.
Similarly click on view details under LFI Attack and observe that the page name is displayed on address bar.
Also the article on the blog explains how we can try directory traversal and LFI attack. Try to view the passwd file on the target host.
../etc/passwd didn't give me the file.
../../etc/passwd too didn't give me the file.
../../../etc/passwd displayed the contents of the passwd.
Also notice that credentials of user falconfeast is displayed.
Use SSH and login to the target as falconfeast. Find the user flag.
Validate the user flag on TryHackMe.
To find the root flag, try the privilege escalation methods. Start with sudo -l to know which sudo operations are allowed for user falconfeast
The user has sudo permission to run socat. Find the socat command to spawn a shell for us. Use gtfobins.github.io to find this.
Run the command as sudo.
Note that now you are the root. navigate to the root's home directory and find the root flag.
Validate the flag on TryHackMe.
This was a beginner level room in TryHackMe to learn LFI attack concept.
I hope this write-up was informative for you. Please leave a feedback. Thank you
-Srivathsa Dhanvantri
Kommentare