Tech_Supp0rt:1 Hack into the scammer's under-development Website to foil their plans (TryHackMe)

In this video we are going to hack into the Tech_Supp0rt TryHackMe machine and investigate the target and also discovering the root.txt of the room

00.11 Machine objectives 00:54 Recon 02:20 Port scanning 03:40 Directory brute force 07:23 Accessing SMB shares port 445 11:26 Decrypting the (magical formula encryption) 13:23 Subrion admin panel 14:14 Subrion CMS 4.2.1 (CVE-2018-19422) Arbitrary file upload 16:40 Setting up our php reverse shell payload 18:47 Uploading php reverse shell file 19:43 Gaining a shell 20:58 Finding privilege escalation vector 26:20 iconv binary privilege escalation 27:21 iconv File read privilege escalation 29:43 Thank you for watching

#RCE #fileupload #tryhackme #sudo #custom ... https://www.youtube.com/watch?v=YXkN75aA-J4