Exploiting Hidden Ports Using Python & Directory Traversal | TryHackMe Airplane CTF

In this video walkthrough, we covered a CTF scenario where we started with nmap scanning followed by enumeration of the web application running on port 8000 where we discovered a directory traversal vulnerability allowing us to read the contents of sensitive files such as /etc/passwd. Using Python, we discovered the process name that is listening on port 6048 discovered during nmap scan. The application name was GDB server and we used Metasploit to exploit it and gain Meterpreter shell. Privilege escalation was achieved horizontally first by looking for binaries with SUID bit set and then to root using ruby.
****
Receive Cyber Security Field, Certifications Notes and Special Training Videos
   / @motasemhamdan  
******
Writeup
https://motasem-notes.net/exploiting-...
TryHackMe Airplane
https://tryhackme.com/r/room/airplane
********
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6ai...
LinkedIn
[1]:   / motasem-hamdan-7673289b  
[2]:   / motasem-eldad-ha-bb42481b2  
Instagram
  / motasem.hamdan.official  
Twitter
  / manmotasem  
Facebook
  / motasemhamdantty