Inclusion — TryHackMe — Writeup

TonyRahmos
Oct 23, 2020


Hello. I’m Rahmos. Here is my Inclusion — TryHackMe — Writeup. Check it out!

First, deploy the machine and use nmap to scan for open ports.

nmap

Now let’s access its website as a web server is present.

website

Let’s click on an article.

article

Now I have the URL syntax the site uses. Let’s replace “name=hacking” with “name=../../../../../etc/passwd”.

LFI /etc/passwd

Success! Now I have the contents of the /etc/passwd file. Look at the second-to-last line and you will see the password for the falconfeast user.
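The traversal above works when the server joins the name parameter onto its article directory without checking where the result lands. As an added example (not code from the room or from this writeup; the function names, the directory layout and the choice of Python are assumptions), here is the unchecked read next to a version that resolves the path and rejects anything outside the article directory:

```python
import os
import tempfile
from pathlib import Path


def read_article_vulnerable(base_dir, name):
    # Flawed pattern: "name" is joined to the base directory unchecked,
    # so "../" sequences (or an absolute path) escape it.
    with open(os.path.join(base_dir, name)) as f:
        return f.read()


def read_article_hardened(base_dir, name):
    base = Path(base_dir).resolve()
    # resolve() collapses "..", follows symlinks and handles absolute input
    target = (base / name).resolve()
    # Serve only regular files that still live under the article directory
    if base not in target.parents or not target.is_file():
        raise ValueError("invalid article name")
    return target.read_text()


def demo():
    # Constructed layout: root/articles/hacking is a legitimate article,
    # root/secret.txt stands in for a file outside the web content.
    with tempfile.TemporaryDirectory() as root:
        articles = Path(root, "articles")
        articles.mkdir()
        (articles / "hacking").write_text("article body")
        Path(root, "secret.txt").write_text("outside web root")

        payload = "../secret.txt"
        leaked = read_article_vulnerable(articles, payload)
        try:
            read_article_hardened(articles, payload)
            blocked = False
        except ValueError:
            blocked = True
        return leaked, blocked, read_article_hardened(articles, "hacking")


if __name__ == "__main__":
    print(demo())
```
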

Let’s ssh using this credential

ssh falconfeast@<ip>

ssh

Now we’re in.

user.txt

Get the user.txt flag.

Now try to get root. First, run sudo -l to see which commands we can run as root.

sudo -l

Well, we can run socat as root without a password.

Following https://gtfobins.github.io/gtfobins/socat/#sudo, execute this command to get root:

sudo socat stdin exec:/bin/sh

socat

OK, now I’m root! cd to /root and get our final flag.

root.txt

The end.

HAPPY HACKING
