Pyrat: TryHackMe Writeup
Hey everyone! Today, we’ll walk through an interesting TryHackMe room I explored recently. This challenge was a great way to test out some Python skills and dig into server vulnerabilities. If you’re ready to follow along, let’s dive into the details.
Pyrat receives a curious response from an HTTP server, which leads to a potential Python code execution vulnerability. With a cleverly crafted payload, it is possible to gain a shell on the machine. Delving into the directories, the author uncovers a well-known folder that provides a user with access to credentials. A subsequent exploration yields valuable insights into the application’s older version. Exploring possible endpoints using a custom script, the user can discover a special endpoint and ingeniously expand their exploration by fuzzing passwords. The script unveils a password, ultimately granting access to the root.