Скачать с ютуб Whiterose TryHackMe Walkthrough | Easy в хорошем качестве

Whiterose TryHackMe Walkthrough | Easy

In this video we are doing tryhackme's new ctf challenge - Whiterose made by - [ https://tryhackme.com/p/ngn ]. Here we have a Mr robot based CTF box, where we are provided with a base domain of a bank, after fuzzing for subdomains we found a subdomain with a login portal where we can use the provided credentials and later we can just manipulate the url to see the older chats and log in as admin with the found credentials. Now we have access to settings endpoint where we can enter a name and new password a user but it doesn't really update the password instead the web page reflects the entered password, So, guessing it would be SSTI as it the webserver uses Express in the backend. I started fuzzing for post parameters after i removed password parameter and show the error. We could conclude that it's using ejs a popular javascript template engine, a quick search for ejs ssti would land us on this rce exploit (CVE-2022-29078) and we can get initial foothold on the box. After that using our sudo perms for sudoedit to get root. Hope you'll learn something new. 🙏🚀❤️ Please leave a comment! [ tryhackme - https://tryhackme.com/r/room/whiterose ] ⭐️ Video Contents ⭐ ⌨️ 0:00 ⏩ Intro ⌨️ 0:30 ⏩ Starting the box ⌨️ 2:17 ⏩ Initial recon fuzzing for subdomains ⌨️ 4:30 ⏩ Getting admin access ⌨️ 8:10 ⏩ Initial foothold on the box using SSTI on /settings endpoint ⌨️ 14:17 ⏩ Rooting the box using sudoedit privesc ⌨️ 16:53 ⏩ Final POVs Follow me on social media: ●   / hoodietramp   ●   / hoodietramp   Blog: ● https://blog.h00dy.me Github: ● https://github.com/hoodietramp Mastodon: ● https://mastodon.social/@h00dy ● https://defcon.social/@h00dy ● https://infosec.exchange/@h00dy Join 345y🛸: ●   / discord   Support This Tramp! Donations are not required but are greatly appreciated! 💸BuyMeACoffee: https://buymeacoffee.com/h00dy #tryhackme #ctf #boot2root #redteam #walkthrough #pentesting #walkthrough