Napping - THM

Napping is a medium-difficulty box from TryHackMe with an interesting vulnerability called Tab Nabbing, which is used to phish the admin of the website and obtain user daniel’s credentials, with which we can SSH into the box. We then alter a Python file that is run every minute by user adrian to get a reverse shell back as that user. For root, we can execute vim as root, so we refer to GTFOBins for the sudo entry for the vim binary to elevate our privileges to root....

March 24, 2022 · 10 min · Shebu