Publisher TryHackMe Walkthrough | Easy + CVE-2023-27372

In this video we are hacking into tryhackme's new boot2root ctf challenge - publisher by - [ https://tryhackme.com/p/josemlwdf ]. In this we'll make use of CVE-2023-27372 for Spip cms and gain rce on the box and get that initial foothold, for privesc we are gonna use linpeas to find the run_container suid and app armor existence, we are going to use perl bypass for app armor and we got all perms on /opt/run_container.sh script that is used by the suid binary and edit it to make bash a suid and escalate our privileges to root. Hope you'll learn something new. 🙏🚀❤️

[ tryhackme - https://tryhackme.com/r/room/publisher ]

⭐️ Video Contents ⭐
⌨️ 0:00 ⏩ Intro
⌨️ 0:43 ⏩ Starting Ctf
⌨️ 1:07 ⏩ Initial Enumeration (Spip Cms)
⌨️ 6:35 ⏩ Initial Foothold on the box
⌨️ 7:07 ⏩ Grabbing id_rsa for think user
⌨️ 11:37 ⏩ Running linpeas
⌨️ 16:45 ⏩ PrivEsc To Root (Setting up SUID on bash shell)
⌨️ 18:25 ⏩ Final POVs


Follow me on social media:
●   / hoodietramp  
●   / hoodietramp  

Blog:
● https://blog.h00dy.me

Github:
● https://github.com/hoodietramp

Mastodon:
● https://mastodon.social/@h00dy
● https://defcon.social/@h00dy
● https://infosec.exchange/@h00dy

Join 345y🛸:
●   / discord  

Support This Tramp!
Donations are not required but are greatly appreciated!
💸BuyMeACoffee: https://buymeacoffee.com/h00dy

#tryhackme #ctf #boot2root #redteam #walkthrough #pentesting