Скачать или смотреть TryHackMe | Jason Room Walkthrough [Voice | Explained]

00:00 - Intro
00:10 - Nmap
00:55 - Enumerating via web browser, taking a look at what is web-app doing.
03:06 - Analyzing requests and cookies with Burp Suite tells us about serialization.
06:18 - Searching up public exploits and trying out one RCE PoC available on exploit-db.
09:23 - Exploits failed, so we try to debug the program by analyzing the request with Burp Suite.
11:38 - Public RCE exploit does not work, we move on to find another way out and found out deserialization bug to RCE blog post.
12:12 - Trying to execute `ls` command fails.
13:15 - Trying to get ping back on our machine from target machine using deserialization bug fails.
15:19 - Got the ping back after self-invoking the function in serialized string.
16:13 - Getting reverse shell back!
17:26 - Got the shell back, analyzing the `server.js` file.
20:32 - Finding potential ways of privilege escalation.
21:40 - Abusing sudo binary to get root on the box.

Write-up: https://noobtech.pro/writeup/tryhackm...

Exploiting a Node.js web-app that is vulnerable to deserialization which give us a reverse shell back - following with sudo binary privilege escalation.

Join the discord server for frequent giveaways and resources.
You can help me in keep running these giveaways via Patreon.

Patreon:   / techmafia  
Discord:   / discord