
Pyrat (TryHackMe) | Exploiting Python eval RCE, git-dump, SSH creds & PrivEsc — Step-by-Step

Step-by-step Pyrat CTF on TryHackMe — nmap → Python eval RCE → reverse shell → git-dumper → SSH creds → priv-esc → root flag. Learn the exploit chain and how to fix eval() RCE.
In this video I solve the TryHackMe Pyrat room step-by-step: from initial reconnaissance with Nmap, to exploiting a Python SimpleHTTP service using eval() RCE, retrieving a .git repo with git-dumper, obtaining user SSH credentials, and performing privilege escalation to capture the root flag.

What you’ll learn:

Fast Nmap scanning for CTFs and interpreting results.

Interacting with Python-based network services (when a web response says “Try a more basic connection”).

How to send a Python reverse-shell payload and get a working shell.

Retrieving leaked .git repositories using git-dumper.

Using leaked credentials to SSH in and capture user.txt.

Finding and exploiting application logic to escalate to root (brute-forcing admin, using code insight).

Root cause: unsafe use of eval() and how to mitigate (use ast.literal_eval(), input validation, sandboxing, least privilege).

Tools used: nmap, curl, netcat (nc), python reverse shell, git-dumper, ssh, simple Python scripts (brute force).
Vulnerable root cause: unsafe eval() on untrusted input → Remote Code Execution (RCE).
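
The root cause and the first two mitigations named above, as an added example (not code from the video or the room). The handler names, the 256-byte limit, the type allow-list and the sample inputs are assumptions made for illustration:

```python
import ast

MAX_INPUT_BYTES = 256  # assumed limit for this example


def handle_unsafe(data: bytes):
    """The flawed pattern: client bytes are evaluated as Python code."""
    # Any expression runs here, including function calls and imports.
    return eval(data.decode())


def handle_safe(data: bytes):
    """Hardened: size limit, literal-only parsing, type allow-list."""
    if len(data) > MAX_INPUT_BYTES:
        raise ValueError("rejected: input too long")
    try:
        # literal_eval builds values from literal syntax only; it never
        # calls functions, resolves names or reads attributes.
        value = ast.literal_eval(data.decode("utf-8").strip())
    except (ValueError, SyntaxError, TypeError,
            MemoryError, RecursionError) as exc:
        raise ValueError("rejected: not a plain literal") from exc
    if not isinstance(value, (int, float, str)):
        raise ValueError("rejected: unexpected type")
    return value


def demo():
    """Run constructed sample inputs through the hardened handler."""
    samples = [b"42", b"'hello'", b"sum(range(10))", b"[1, 2, 3]",
               b"9" * 1000, b"\xff\xfe"]
    results = []
    for raw in samples:
        try:
            results.append((raw[:20], handle_safe(raw)))
        except ValueError as exc:
            results.append((raw[:20], str(exc)))
    return results


if __name__ == "__main__":
    # The unsafe handler executes the call; the safe one refuses it.
    print("unsafe:", handle_unsafe(b"sum(range(10))"))
    for raw, outcome in demo():
        print(raw, "->", outcome)
```

Literal-only parsing removes the code-execution path; running the service as an unprivileged user (least privilege) still limits the damage of any other flaw.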
Resources & Links
TryHackMe Pyrat room: https://tryhackme.com/room/pyrat

#TryHackMe, #Pyrat, #CTF, #Cybersecurity, #EthicalHacking, #Pentesting, #ReverseShell, #RCE, #Python, #gitdumper, #PrivilegeEscalation, #InfoSec, #HackingTutorial, #Nmap

Video "Pyrat (TryHackMe) | Exploiting Python eval RCE, git-dump, SSH creds & PrivEsc — Step-by-Step" from the channel Junhua's Cyber Lab