Easy

📄️ Anonforce

Phase 1: Reconnaissance (Information Gathering)

📄️ Blueprint

The Blueprint machine presented several vulnerabilities:

This report details the penetration testing of a vulnerable web application. The assessment identified multiple vulnerabilities, including SQL Injection, Local File Inclusion (LFI) leading to Remote Code Execution (RCE), and a systemd-based privilege escalation exploit. These vulnerabilities were successfully exploited to gain root-level access to the target system.

📄️ Compiled

First download the file from the room (https://tryhackme.com/room/compiled) in order to analyze it.

📄️ Creative

1. Executive Summary

📄️ CyberLens

In http://cyberlens.thm/about.html we find "CyberLens Image Extractor", a metadata extractor. Checking the request with Burpsuit we find the end point at port 61777, which might be resposible for the metadata extraction.

📄️ Dav

This report details the successful exploitation of a misconfigured WebDAV service on the target system (10.10.168.117). The vulnerability allowed for the upload of a malicious PHP reverse shell, leading to command execution as the www-data user. Further, a sudo misconfiguration permitted privilege escalation to the root user, granting full administrative control over the system. The root flag was successfully retrieved.

📄️ Dreaming

1. Reconnaissance and Enumeration

📄️ Hijack

Executive Summary

📄️ Lesson Learned?

Executive Summary

📄️ Library

1. Reconnaissance and Enumeration

📄️ Light

Reconnaissance

📄️ Lo-Fi

Objective

📄️ Lookup

1. Initial Enumeration

📄️ mKingdom

I. Reconnaissance and Enumeration

📄️ Pyrat

1. Introduction (from room)

📄️ Red

This report details the process of identifying and exploiting vulnerabilities in a target system, designated "Red," as part of a simulated penetration testing exercise. The attack path involves exploiting a Local File Inclusion (LFI) vulnerability, bypassing weak input sanitization, discovering and cracking a password, gaining initial access via SSH, manipulating file attributes for a reverse shell, and ultimately achieving root-level access through the exploitation of CVE-2021-4034 (PwnKit).

📄️ Reversing ELF

Crackme1

📄️ Silver Platter

Target Discovery

📄️ The Sticker Shop

Introduction

📄️ Thompson

This report details a successful penetration test against a target system running Apache Tomcat. The attack vector exploited a default/weak credential vulnerability in the Tomcat Manager application, leading to remote code execution (RCE) via a malicious WAR file upload. Further enumeration revealed a scheduled task running as root, which was leveraged to achieve privilege escalation.

📄️ TryHack3M: Bricks Heist

1. Initial Target Setup and Port Scanning

📄️ U.A. High School

This report details the findings of a penetration test conducted against a target system representing U.A. High School's network infrastructure. The test successfully identified multiple vulnerabilities, leading to full system compromise (root access). The vulnerabilities exploited included:

📄️ Valley

This report details the penetration testing of the "Valley" machine. The engagement began with reconnaissance, identifying open ports and services. Vulnerabilities were discovered in a web application, including directory traversal and exposed credentials. These vulnerabilities were leveraged to gain initial access via SSH. Further enumeration revealed a misconfigured cron job, leading to privilege escalation and full root access.

📄️ W1seGuy

What is XOR (Very Briefly)?

📄️ Wgel CTF

This report documents the process of successfully compromising the "Wgel" Capture the Flag (CTF) machine. The attack path involved identifying an exposed SSH private key through web directory enumeration, gaining initial access as a low-privileged user, and escalating privileges to root by exploiting a misconfigured wget binary allowed to be run with sudo. The final privilege escalation leverages wget to overwrite the system's crontab, injecting a reverse shell command.

📄️ White Rose