Exploiting the LazyAdmin Machine on TryHackMe
/ 1 min read
🦠 Step-by-step guide to exploiting the LazyAdmin machine on TryHackMe. This write-up details the process of exploiting the LazyAdmin Linux machine, starting with scanning for open ports and identifying services like SSH and Apache. The author discovers a hidden directory in the Apache server leading to the SweetRice CMS, where a backup file reveals admin credentials. After exploiting the CMS, a reverse shell is uploaded to gain user access. Finally, privilege escalation is achieved by executing a Perl script with root privileges, allowing access to the root flag. The write-up emphasizes the importance of securing web directories and file permissions to prevent such exploits.
Source

Original