Summary
- The TryHackMe boot-to-root challenge, Securi-Tay 2020, requires learners to investigate a range of security issues on a compromised server.
- The server is running unusual services on unconventional ports, which may be a security issue.
- It is necessary to bypass Firefox restrictions to access the strange SSH running on HTTP port 80.
- A base64-encoded string on the login page contains an encrypted URL, which must be decrypted with ROT13 to reach the Wikipedia page for Stegosauria.
- A steganographic technique needs to be employed to reveal the CMS credentials “j_____” and “T_____”.
- A PHP command injection vulnerability is then exploited to gain remote code execution, enabling a reverse shell to be established.
- A password list is discovered and SSH credentials are brute forced, granting access as the user “j___”.
- The user flag is retrieved from an image file, and it is discovered that a binary with the SUID bit set allows root access.
- The flags for this challenge are “securi{}” for the user flag and “securi{}” for the root flag.
By CySec Sensei
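
The layered encoding on the login page (base64 wrapped around a ROT13-shifted URL) can be unwrapped as below. This is an added example, not code from the original article; the helper names are hypothetical, and the sample string is constructed from the Wikipedia URL for Stegosauria because the summary does not reproduce the challenge's actual encoded value.

```python
import base64
import binascii
import codecs
import re

URL_RE = re.compile(r"^https?://[\w.-]+(/\S*)?$")

def try_base64(text):
    """Return the decoded text if `text` is strict base64 of printable ASCII, else None."""
    try:
        decoded = base64.b64decode(text.strip(), validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return decoded if decoded and decoded.isprintable() else None

def peel(blob, max_layers=5):
    """Strip base64 layers, checking for a plain or ROT13-shifted URL at each step.

    Returns (url, layers_applied), or (None, layers_applied) if no URL is found.
    """
    current, layers = blob.strip(), []
    while True:
        if URL_RE.match(current):
            return current, layers
        # ROT13 keeps punctuation, so a shifted URL still looks like "uggcf://..."
        rot = codecs.decode(current, "rot_13")
        if URL_RE.match(rot):
            return rot, layers + ["rot13"]
        decoded = try_base64(current) if len(layers) < max_layers else None
        if decoded is None:
            return None, layers
        current, layers = decoded, layers + ["base64"]

# Constructed sample: ROT13 first, then base64, as the summary describes.
URL = "https://en.wikipedia.org/wiki/Stegosauria"
SAMPLE = base64.b64encode(codecs.encode(URL, "rot_13").encode()).decode()

if __name__ == "__main__":
    print(SAMPLE)
    print(peel(SAMPLE))
```
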