Hello, cybersecurity enthusiasts! In this blog, we’ll take a brief look at the “Airplane” room on TryHackMe. This walkthrough will guide you through the initial steps and key techniques needed to complete the challenge. For a detailed, step-by-step guide, make sure to check out my YouTube video linked below.
Initial Reconnaissance
We begin with an Nmap scan to identify open ports and services on the target machine. Configure /etc/hosts to resolve the IP to airplane.thm:
nano /etc/hostsUpon visiting airplane.thm:8000, we discovered a Local File Inclusion (LFI) vulnerability.
Exploiting the Vulnerability
By leveraging the LFI vulnerability, we used a Python script to identify the process running on port 6048. Details on the script and how it works are covered in the video.
Gaining Access
We discovered that gdbserver was running on port 6048 and used resources from Hacktricks to exploit this service and gain access. The full exploitation process is demonstrated in the video.
Privilege Escalation
After gaining initial access, we escalated our privileges by exploiting SUID misconfigurations and other techniques. The complete method is shown in the video.
To get the full experience and detailed walkthrough, watch the video on my YouTube channel and don’t forget to subscribe for more tutorials and cybersecurity tips!
Subscribe for more tutorials and cybersecurity tips: YouTube Channel
Hit the bell icon to get notified about my latest videos!
