I am going to walkthrough "Creative" from TryHackMe. This is an easy-rated machine that starts off with discovering a new virtual host, exploiting a server-side request forgery vulnerability in a URL testing tool, and then escalating to root via the LD_PRELOAD environment variable.
One of the TCM Discord community members SecHamza created a TryHackMe room, and I gave it a spin and wanted to post my write-up about it. Here's my take.
Let's face it, not many of us enjoy writing a penetration testing report. If you're one of those rare people who do, kudos to you. For the rest of us, however, we can make the process a bit less daunting. But how?
A vulnerable version of Pi-Hole is running which can be leveraged to gain an initial shell on the box as a low-privileged user. An overly permissive cronjob is then abused to obtain a root shell.
Fuel is a beginner-rated machine on CyberSecLabs and features a version of Fuel CMS that is vulnerable to CVE-2018-16763. We discover a password in the bash history which is used to gain root access.
