Exploiting Pluck CMS and Linux Privilege ...

Exploiting Pluck CMS and Linux Privilege Escalation | TryHackMe Dreaming

Feb 25, 2024

We covered TryHackMe Dreaming challenge where we demonstrated penetration testing concepts such as exploiting a vulnerable version of Pluck CMS to gain a reverse shell. Then we started the process of horizontal Linux privilege escalation. We moved between various users with alternating privileges such as www-data, lucien, death and morpheus. A combination of weak file permissions, incorrectly assigned privileges and hard coded credentials we were able to escalate privileges to the highest user, Morpheus, and wrap up the challenge.

Full writeup is here.

Enjoy this post?

Buy Motasem Hamdan / MasterMinds Group a pizza

More from Motasem Hamdan / MasterMinds Group

PrivacyTermsReport