Publisher TryHackMe Walkthrough | Easy + CVE-2023-27372

In this video we are hacking into tryhackme's new boot2root ctf challenge - publisher by - [ https://tryhackme.com/p/josemlwdf ]. In this we'll make use of CVE-2023-27372 for Spip cms and gain rce on the box and get that initial foothold, for privesc we are gonna use linpeas to find the run_container suid and app armor existence, we are going to use perl bypass for app armor and we got all perms on /opt/run_container.sh script that is used by the suid binary and edit it to make bash a suid and escalate our privileges to root. Hope you'll learn something new. 🙏🚀❤️

[ tryhackme - https://tryhackme.com/r/room/publisher ]

⭐️ Video Contents ⭐
⌨️ 0:00     ⏩  Intro
⌨️ 0:43     ⏩  Starting Ctf
⌨️ 1:07     ⏩  Initial Enumeration (Spip Cms)
⌨️ 6:35     ⏩  Initial Foothold on the box
⌨️ 7:07     ⏩  Grabbing id_rsa for think user
⌨️ 11:37   ⏩  Running linpeas
⌨️ 16:45   ⏩  PrivEsc To Root (Setting up SUID on bash shell)
⌨️ 18:25   ⏩  Final POVs


Follow me on social media:
● Twitter: hoodietramp
● Instagram: hoodietramp

Blog:
● https://blog.h00dy.me

Github:
● https://github.com/hoodietramp

Mastodon:
● https://mastodon.social/@h00dy
● https://defcon.social/@h00dy
● https://infosec.exchange/@h00dy

Join 345y🛸:
● Discord: discord

Support This Tramp!
Donations are not required but are greatly appreciated!
💸BuyMeACoffee: https://buymeacoffee.com/h00dy

#tryhackme #ctf #boot2root #redteam #walkthrough #pentesting

• #science_technology
• #hacking
• #ctfs
• #talks
• #cybersecurity
• #redteam
• #tryhackme
• #boot2root
• #pentesting
• #walkthrough