0DAY-TRYHACKME

0xsanz
3 min readOct 22, 2020

This is the write-up for room named 0day on TryHackMe.

The room can be found here :- https://tryhackme.com/room/0day

Details given:

Exploit Ubuntu, like a Turtle in a Hurricane. Root my secure Website, take a step into the history of hacking.

What is required?:

user.txt and root.txt

Enumeration

NMAP:

As always lets start scanning the target with the IP given:

nmap -sC -sV 10.10.119.34

We have port 22-SSH and port 80-Web open with the above versions. Let enumerate further port 80 using Nikto.

NIKTO:

nikto -h 10.10.119.34

The above nikto scan reveals that this box is vulnerable to Shellshock. This is a very famous bug in bash and according to Wikipedia(https://en.wikipedia.org/wiki/Shellshock_(software_bug)):

--

--

0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204,AZ500