TRYHACKME’S INCLUSION: STEP-WISE WRITEUP FOR TOTAL BEGINNERS
Today we are going to complete TryHackMe’s Inclusion CTF. So, without further ado, let’s start with enumeration using nmap.
Well, as we can see above, there are 2 open ports: one is SSH and the other is HTTP. Let’s check HTTP on port 80.
Now, we know from the name of the CTF that this server is vulnerable to LFI. We can go ahead and use LFI to try to read the contents of /etc/passwd.
OK, here we got the /etc/passwd data, and when we analyze it we can see a possible username and password. Let’s SSH in with those.
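To see why the /etc/passwd read above works and how it gets fixed, here is an added example (not the room's actual source code) that puts the vulnerable file-read pattern beside a hardened one. The function names, the `articles` directory and the `secret.txt` file are assumptions made up for the demo, and everything runs in a constructed temp directory.

```python
import os
import tempfile

def read_article_vulnerable(base_dir, name):
    # Vulnerable pattern: the request value is joined to the base directory
    # unchecked, so "../" segments or an absolute path escape base_dir.
    with open(os.path.join(base_dir, name)) as fh:
        return fh.read()

def read_article_hardened(base_dir, name):
    # Resolve symlinks and ".." first, then require the result to stay
    # inside base_dir before opening anything.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes article directory")
    if not os.path.isfile(target):
        raise FileNotFoundError(name)
    with open(target) as fh:
        return fh.read()

def demo():
    # Constructed sandbox: an article directory next to a file that must
    # never be served (it stands in for /etc/passwd).
    root = tempfile.mkdtemp()
    articles = os.path.join(root, "articles")
    os.mkdir(articles)
    with open(os.path.join(articles, "lfi.txt"), "w") as fh:
        fh.write("article body")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("not for web users")
    results = {}
    results["normal"] = read_article_hardened(articles, "lfi.txt")
    results["vulnerable_leak"] = read_article_vulnerable(articles, "../secret.txt")
    for label, name in (("relative", "../secret.txt"), ("absolute", secret)):
        try:
            read_article_hardened(articles, name)
            results[label] = "served"
        except PermissionError:
            results[label] = "blocked"
    return results

if __name__ == "__main__":
    print(demo())
```

The hardened version checks the resolved path, not the raw string, so filters that only strip "../" are not needed and cannot be bypassed with encodings or absolute paths.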
Now we have a foothold. Let’s search for flags. Let’s try the ls command, and we can see a user.txt file there. That’s our first flag, guys.
Time to escalate our privileges. Let’s start by checking sudo -l. There we see a binary that we are allowed to run with root privileges, meaning we can run that command as root with sudo.
Check GTFOBins and search for that binary’s name. We can see that its exploit is available. Follow the sudo instructions from the GTFOBins page: run this command in your terminal and you will get root privileges.
sudo socat stdin exec:/bin/sh
Time to hunt down root.txt. Let’s check /root, because root.txt is mostly found in /root. There we get our root.txt, and using cat root.txt we can see the flag.
And ladies and gentlemen, with that we just completed the Inclusion CTF from TryHackMe. This room was brought to us by 0xmzfr. Huge thanks to him and TryHackMe for this awesome CTF. Go follow him on Twitter, guys. In summary, today we learned about Local File Inclusion and how to see data from a local file using . If you need more info on this topic, there are other rooms on TryHackMe as well, like the OWASP Top 10 vulnerabilities room and the Web hacking path. Go check out those rooms too.
Now it’s time to say goodbye for now. I will keep posting these writeups, so make sure you check them all. Till then, goodbye and keep hacking!