Deploy The Machine The machine RootMe is available at TryHackMe . Start the machine so that target IP is available. Reconnaissance For the number of open ports run nmap. There are 2 ports are open: ssh and http. Apache version 2.4.29 is running. I get this info thru wappalyzer. secure shell or ssh is running on port 22. Apache info also can get by running gobuster. Here for hidden directory I am running gobuster tool $ gobuster dir -u http://10.10.51.16/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt Correct answer for hidden directory is /panel/ This means we can upload any file in this /panel page. I think this is the way to getting the shell. reverse shell or binding shell? For that I need to do some google. Oh there is reverse shell mention in that room also. So need to find reverse shell code thru google and upload from that. And access that server's shell thru my machine. Getting a shell I need to upload php reverse shell code in upload section...
Overview <mr. robot> Hello friend. If you've come, you've come for a reason. You may not be able to explain it yet, but there's a part of you that's exhausted with this world... a world that decides where you work, who you see, and how you empty and fill your depressing bank account. Even the Internet connection you're using to read this is costing you, slowly chipping away at your existence. There are things you want to say. Soon I will give you a voice. Today your education begins. This machine have WordPress website. After finding available directories in this website, login into admin panel of that wp-website using dictionary attack. Wordlist is available in robots.txt, also first flag is there. Since the wordpress in written in php, so use php reverse shell to enter into target machine. There is a robot user and password in raw-md5 hash form. Crack the hash and be robot, where second flag is found. Now using privilege escalation be the root. nmap with S...