Скачать или смотреть TryHackMe Safezone Walkthrough | LFI, Log Poisoning, PrivEsc & Pivoting | Complete Exploit Guide

#cybersecurity #pentesting #tryhackme
TryHackMe Safezone Walkthrough | Complete Exploitation Guide (LFI → RCE → PrivEsc → Root)
Welcome back, hackers! In today’s video, we dive deep into the TryHackMe Safezone room — one of the most interesting Linux enumeration and privilege escalation challenges for beginners and intermediate pentesters.

This video is a complete, detailed walkthrough covering every phase of the attack chain:

🔍 What You Will Learn in This Video
1️⃣ Enumeration

Full Nmap scanning (-sC -sT -O -vv)

Identifying open ports 22 (SSH) and 80 (HTTP)

Gobuster directory brute-force discovery

2️⃣ Web Exploitation

Investigating login pages

Discovering Local File Inclusion (LFI) via GET parameter

Apache user dir enumeration (~files/pass.txt)

Extracting the Admin password hint

3️⃣ Credential Fuzzing

Writing a Python script to brute-force the admin password

Bypassing lockout (rate-limit evasion)

Logging in as Admin

4️⃣ LFI → RCE (Log Poisoning Exploit)

Reading /var/log/apache2/access.log

Injecting malicious PHP payload via User-Agent header

Achieving Remote Code Execution

Executing commands through the cmd parameter

5️⃣ Reverse Shell

Enumerating the system as www-data

6️⃣ Privilege Escalation

Using sudo -l

Cracking a SHA-512 hash using John The Ripper

SSH login as files

Internal service enumeration

SSH port forwarding (-L 2222:127.0.0.1:8000)

Discovering hidden web panel with command injection

Getting shell as yash

Abusing /root/bk.py to access root.txt

🏁 End Result

✔ Full exploitation chain
✔ User flag obtained
✔ Root flag captured
✔ All vulnerabilities explained in detail

💬 If you enjoy this kind of content:

Please LIKE, SUBSCRIBE, and leave a comment—your support helps me create more cybersecurity and pentesting videos!
#tryhackme
#safezone
#cybersecurity
#ethicalhacking
#penetrationtesting
#lfi
#rce
#linuxprivesc
#ctfwalkthrough
#hacklearning
#infosec
#bugbounty