Exploiting Pluck CMS and Linux Privilege Escalation | TryHackMe Dreaming

Nov 25, 2023

We covered TryHackMe Dreaming challenge where we demonstrated penetration testing concepts such as exploiting a vulnerable version of Pluck CMS to gain a reverse shell. Then we started the process of horizontal Linux privilege escalation. We moved between various users with alternating privileges such as www-data, lucien, death and morpheus. A combination of weak file permissions, incorrectly assigned privileges and hard coded credentials we were able to escalate privileges to the highest user, Morpheus, and wrap up the challenge.

Offensive Security Certified Professional Study Notes and Guide

This is a 1099 pages of notes that will guide and help you prepare for and pass the OSCP exam. When you buy this…

www.buymeacoffee.com

The Complete Practical Web Application Penetration Testing Course

Course Content: Introduction to Injection Vulnerabilities SQL Injection - Authentication Bypass SQL Injection - Error…

www.buymeacoffee.com

Full Writeup is here

Exploiting Pluck CMS and Linux Privilege Escalation | TryHackMe Dreaming

Offensive Security Certified Professional Study Notes and Guide

This is a 1099 pages of notes that will guide and help you prepare for and pass the OSCP exam. When you buy this…

The Complete Practical Web Application Penetration Testing Course

Course Content: Introduction to Injection Vulnerabilities SQL Injection - Authentication Bypass SQL Injection - Error…

Written by Motasem Hamdan

No responses yet