TryHackMe 0day

Описание: This is a video walk-through of TryHackMe's 0day. If you prefer a written walk-through. You can find it here:
https://readysetexploit.gitlab.io/hom...

Buy Me A Coffee :)
https://www.buymeacoffee.com/hadrian3689

Intro:
0:00 Intro
1:00 Reviewing Nmap results
2:50 Reviewing Web Site
3:38 Running Gobuster and examining directories
5:57 The backup directory has a SSH key, rabbit hole
8:50 Looking at the cgi-bin directory points us to Shellshock
11:55 Finding what kind of scripts to look for
12:45 Finding the cgi script, begin Shellshock exploit
15:36 Shellshock vulnerability confirmed
17:42 Using Burp to also test Shellshock
18:27 Getting reverse shell on target
21:40 Doing basic privilege escalation enumeration
23:40 Finding that the machine is running an outdated Linux Kernel
25:51 Finding kernel exploit
27:04 Downloading exploit and transferring to victim's machine
28:08 Compiling exploit, running into error
29:08 Finding error is due to a PATH issue
30:39 PATH issued fixed, compiled exploit and getting root
EXTRA
32:13 Running Nikto to see if it finds the Shellshock vulnerability
34:00 Getting root reverse shell and dropping root SSH keys
35:25 Nikto does find Shellshock vulnerability