There’s nothing like the thrill of a challenge that whispers, “try me.” Today, I dove into the RootMe CTF room and walked away with root access—all while sharpening my hands-on skills in web security and pentesting.
Here’s how it went down:
Recon Like a Pro
Started with Nmap, scanning the target:
nmap -sC -sV -p-
Two ports were wide open. Curious, I ran an aggressive scan to pull service versions and get the Apache fingerprint. Knowing what you’re up against is half the battle.
Hunting for Hidden Paths
Time to map the terrain. Enter Gobuster:
gobuster dir -u http:// -w /usr/share/wordlists/dirb/common.txt
Two juicy paths popped up:
/uploads/ → seemed standard
/panel/ → the real playground
It was /panel/ that caught my eye. File upload functionality? Oh yes, vulnerabilities waiting to be discovered.
The Upload Trick
Classic move: I prepared a PHP reverse shell. But the site didn’t allow .php files. So… I went stealth mode: changed the extension to .phtml.
BANG! Uploaded!
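Why the rename worked, seen from the defender's side, as an added example that is not part of the original write-up or the room's code: a filter that only refuses known-bad extensions lets .phtml through, while an allowlist with a server-generated filename refuses it. The extension sets, function names and sample filenames are assumptions made for illustration.

```python
import os
import secrets
from typing import Optional

# Assumed blocklist: the write-up only says ".php" was refused, so the weak
# filter is modelled as rejecting that single extension.
BLOCKED = {".php"}
# Assumed allowlist for an image-upload feature (hypothetical policy).
ALLOWED = {".png", ".jpg", ".jpeg", ".gif"}


def blocklist_accepts(filename: str) -> bool:
    """Weak check: refuse known-bad extensions, accept everything else."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    return ext not in BLOCKED


def allowlist_store_name(filename: str) -> Optional[str]:
    """Hardened check: accept only known-good extensions and return a
    server-generated name, or None when the upload is refused."""
    base = os.path.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) != 2 or not parts[0]:
        return None  # no extension, dotfile, or more than one extension
    ext = "." + parts[1]
    if ext not in ALLOWED:
        return None
    # Never reuse the client's name: a random one removes any client
    # control over the stored path.
    return secrets.token_hex(16) + ext


# Constructed sample names, not taken from the room.
SAMPLES = ["shell.php", "shell.phtml", "photo.jpg", "photo.php.jpg", "avatar.png"]

if __name__ == "__main__":
    for name in SAMPLES:
        stored = allowlist_store_name(name)
        print(f"{name:15} blocklist_accepts={blocklist_accepts(name)!s:5} "
              f"allowlist_stored_as={stored}")
```

The extension check is only one layer: the upload directory should also be served with script execution disabled, so a file that slips through is never interpreted.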
Getting the Shell
Set up Netcat to listen:
nc -lvnp 1234
Ping… connection established. Boom! I was inside the server.
Privilege Escalation
Shell in hand, the target’s crown jewels were within reach. Using enumeration scripts and careful analysis, I escalated privileges and grabbed root access.
Lessons:
Recon is everything. Know the target before touching anything.
File upload vulnerabilities? Still a real threat today.
Small tweaks (like .phtml instead of .php) make the difference between “blocked” and “owned.”
Hands-on practice in CTFs = real-world skills. This is how you bridge the gap between theory and impact.
Takeaway:
Whether it’s CTFs or pentesting, the thrill isn’t just in “getting root”—it’s in learning, improvising, and leaving nothing unchecked. And yes… vibes means doing it with style.
~Swetha Jagannathan