{"id":194,"date":"2023-04-26T14:18:37","date_gmt":"2023-04-26T06:18:37","guid":{"rendered":"https:\/\/zysgmzb.club\/?p=194"},"modified":"2023-04-26T14:18:37","modified_gmt":"2023-04-26T06:18:37","slug":"tryhackme%e9%9d%b6%e5%9c%ba%e8%ae%b0%e5%bd%95-rootme","status":"publish","type":"post","link":"https:\/\/zysgmzb.club\/index.php\/archives\/194","title":{"rendered":"TryHackMe\u9776\u573a\u8bb0\u5f55–RootMe"},"content":{"rendered":"

RootMe<\/h1>\n

Task2<\/h2>\n

Scan the machine, how many ports are open?<\/p>\n

\"\"<\/p>\n

2<\/code><\/pre>\n
What version of Apache is running?<\/p>\n
2.4.29<\/code><\/pre>\n
What service is running on port 22?<\/p>\n
ssh<\/code><\/pre>\n
Find directories on the web server using the GoBuster tool.<\/p>\n
\"\"<\/p>\n
What is the hidden directory?<\/p>\n
\/panel\/<\/code><\/pre>\n
Task3<\/h2>\n
user.txt<\/p>\n
Apache2.4.29\u7248\u672c\u6709\u4e2a\u6587\u4ef6\u89e3\u6790\u7684\u6d1e\uff0c\u76f4\u63a5\u4f20\u4e00\u4e2a\u4e00\u53e5\u8bdd\uff0c\u6587\u4ef6\u540d\u4e3axxx.php.\\\u5c31\u8fde\u4e0a\u4e86<\/p>\n
\"\"<\/p>\n
THM{y0u_g0t_a_sh3ll}<\/code><\/pre>\n
Task4<\/h2>\n
Search for files with SUID permission, which file is weird?<\/p>\n
\"\"<\/p>\n
\u4e00\u773c\u4e01\u771f<\/p>\n
\/usr\/bin\/python<\/code><\/pre>\n
Find a form to escalate your privileges.<\/p>\n
root.txt<\/p>\n
https:\/\/gtfobins.github.io\/#\u8fd9\u91cc\u9762\u627e\u4e2apython\u7684suid\u63d0\u6743<\/a><\/p>\n
\u672c\u6765\u4f7f\u7528\u7684\u8681\u5251\uff0c\u540e\u6765\u53d1\u73b0\u8681\u5251\u7684shell\u591a\u5c11\u6709\u70b9\u95ee\u9898\uff0c\u53c8\u6362\u4e86\u5f39shell<\/p>\n
\u53cd\u5f39shell\u7684php\u811a\u672c --> https:\/\/github.com\/pentestmonkey\/php-reverse-shell\/blob\/master\/php-reverse-shell.php<\/a><\/p>\n
\"\"<\/p>\n
THM{pr1v1l3g3_3sc4l4t10n}<\/code><\/pre>\n
\n
md\uff0c\u5fcd\u4e0d\u4e86\u4e86\uff0c\u7f51\u7edc\u8d28\u91cf\u592a\u5dee\u4e86\uff0c\u4e4b\u540e\u518d\u53bb\u770b\u770b\u6625\u79cb\u4e91\u5883\u5427<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
RootMe Task2 Scan the machine, how many ports are open? 2 What version of Apache is running? 2.4.29 What service is running on port 22? ssh Find directories on the web server using the GoBuster tool.  […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-194","post","type-post","status-publish","format-standard","hentry","category-learn"],"_links":{"self":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/comments?post=194"}],"version-history":[{"count":1,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/194\/revisions"}],"predecessor-version":[{"id":195,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/194\/revisions\/195"}],"wp:attachment":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/media?parent=194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/categories?post=194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/tags?post=194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}