This TryHackMe RootMe tutorial is pentesting walkthrough for the RootMe challenge, which is a pretty basic box running a web server and an SSH server. Pretty standard stuff right? We'll start off by snooping around the web server, running an NMAP scan and of course a brute force of the directories using GoBuster. We'll find an upload directory and a web panel which allows us to upload files. Let's go for the standard php reverse shell and setup a listener on our own machine, but wait, they don't allow php files to be uploaded. So let's try the .php5 extension, bingo! File upload successful. The next part of this TryHackMe Rootme tutorial is to escalate our privilege's so we can get root. This involves looking for a file which runs with root permissions, we can scan for files with a privelaged SUID, and we get a good list of them, but the one that is most easily exploited will by the python binary. It's weird that this file has these permissions but who cares, let's use it. That almost wraps it up for this RootMe walkthrough, at this point we just need to use python to spawn a bash shell so, and boom we are now root. Now we just have to find the root flag, which is in the root directory which is pretty common. TryHackMe RootMe walkthrough completed!

TryHackMe is one of the best ways learn penetration testing & cyber security, it's similar to HackTheBox and other platforms but TryHackMe is a bit better structured, where you have defined steps you have to complete, which gives you just enough information for you to be able to move forward without actually giving you the answers to the problems. And ofcourse, if you get stuck there are plenty of TryHackMe writeups available online like ours. This TryHackMe RootMe walkthrough involves a pretty simple box, as long as you have experience doing 1 CTF or 2-3 boxes this one should be pretty straight forward.

To more details check out here: TryHackMe RootMe Walkthrough Tutorial