Backtrack — From Foothold to Root: A Step-by-Step Exploitation Walkthrough Exploring multi-layered vulnerabilities, privilege-escalation paths, and defensive takeaways through a realistic …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A detailed walkthrough of a multi-stage attack chain on a TryHackMe-style machine called Backtrack. Starting from port enumeration, the chain exploits an Aria2 path traversal vulnerability to extract Tomcat credentials, deploys a WAR-based reverse shell for initial foothold, then escalates privileges through Ansible sudo wildcard abuse, SSH port forwarding to reach an internal gallery app, a double-encoded file upload bypass, and finally TTY pushback via TIOCSTI injection to achieve root. Each vulnerability is paired with concrete defensive mitigations including path normalization, secret management, sudo hardening, and kernel-level TIOCSTI disabling.

Backtrack — From Foothold to Root: A Step-by-Step Exploitation Walkthrough

Get Roshan Rajbanshi ’s stories in your inbox