CTF Writeups

TryHackMe: Airplane

Writeup for the Airplane room on TryHackMe — LFI exploitation and privilege escalation.

#tryhackme#ctf#writeup#lfi

TryHackMe: Airplane — Writeup

Overview

The Airplane room on TryHackMe involves exploiting a Local File Inclusion (LFI) vulnerability to gain initial access and escalating privileges through misconfigured services.

Enumeration

bash
nmap -sV -sC -p- TARGET_IP
gobuster dir -u http://TARGET_IP -w /usr/share/wordlists/dirb/common.txt

Exploitation

Identify the LFI vulnerability in the web application. Use it to read sensitive files:

bash
http://TARGET_IP/page?file=../../../../etc/passwd

Privilege Escalation

Enumerate the system for privilege escalation vectors. Look for:

  • SUID binaries
  • Writable cron jobs
  • Misconfigured services
  • Kernel exploits

Key Takeaways

  • LFI vulnerabilities can expose sensitive system files
  • Always enumerate systematically after gaining access
  • Check for multiple privesc vectors