THM: Blog
THM: Blog is a Linux boot-to-root challenge that starts with a vulnerable WordPress blog. With the help of wpscan we’ll enumerate usernames and brute force a password. With those creds we can exploit a known RCE bug for this version of WP to get a shell. Finally we’ll do some basic static analysis of a root-owned SUID binary to escalate to a root shell.
THM: Overpass
THM: Overpass is a Linux box that starts out with a simple authentication bypass on a website to access an admin page that reveals an SSH key. We’ll have to crack the passphrase, but once that’s done we’ll be able to SSH to the box. The theme of this box involves a “secure” password manager written by some compsci students. The source code is provided, which will reveal where and how password data is stored. Once we understand how it works we’ll retrieve a password for another user on the box. Finally, we’ll abuse open file permissions on the hosts file to control what code is being executed by a cron job running as root in order to escalate privileges.