Showing posts from August, 2020

Jeff write-up THM

Hello there fellow hacker, today I'll be attempting to walk you through a fairly difficult room called Jeff on tryhackme.com, created by JB7815.

The key things that I learned from this room are:

- Subdomain enumeration
- Escaping docker with a custom python script that performs wildcard exploitation
- Exploiting a binary with a symbolic link
- Escaping rbash
- Exploiting crontab

So let's get started. Before beginning our hacking, it's always good practice to add the IP address to your /etc/hosts file.

#Foothold:-

As usual, the first step is an nmap scan:

    nmap -sC -sV <Machine IP> -oN nmapscans

-sC :- runs a script scan
-sV :- tells the version of the services running on the box
-oN :- saves the output of the scan to a file

Looks like we only have 2 ports open:

    PORT    STATE   SERVICE
    22      open    ssh
    80      open    ...