TryHackMe Operation Coldstart Walkthrough | SSRF | Privilege Escalation

TryHackMe Operation ColdStart Walkthrough | SSRF + Tar Wildcard Injection Privilege Escalation | Full CTF Writeup

In this video, I walk through the TryHackMe Operation ColdStart room step by step — from initial reconnaissance to full root access.

We begin with Nmap enumeration, discover anonymous FTP access, extract backup files, review a vulnerable Flask application, exploit an SSRF vulnerability to access an internal admin endpoint, retrieve SSH credentials, and then escalate privileges using Linux tar wildcard injection via a root cron job.

⚠️ Disclaimer: This video is for educational and ethical hacking purposes only. Perform these exploits only in authorized environments or your own lab.

🛠️ What We Cover:
1. Nmap enumeration
2. Anonymous FTP enumeration
3. Reviewing Flask/Python source code
4. SSRF exploitation
5. Internal-only admin bypass
6. SSH credential discovery
7. Linux privilege escalation
8. Tar wildcard injection (--checkpoint-action)
9. Capturing user and root flags

🕒 Chapters:
0:00 - Introduction & Lab Overview
0:40 - Login as Normal User
09:20 - Login as Root
14:40 - Outro

🔗 Resources & Links:
TryHackMe Room: https://tryhackme.com/room/operationcoldstart
Subscribe for more Pentesting content: https://www.youtube.com/@pwnsploit
Follow me on X: https://x.com/Kai50229182

#tryhackme #ctf #ethicalhacking #cybersecurity #privilegeescalation #ssrf

Видео TryHackMe Operation Coldstart Walkthrough | SSRF | Privilege Escalation канала Pwnsploit