tryhackme-writeups

Writeups for the ROOMS available at TryHackMe.com

View on GitHub

TryHackMe Writeups

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

ROOMS

Name Description
Vulnversity - File Upload Vulnerability
- Privilege Escalation via systemctl
Kenobi - Samba Share Enumeration
- ProFTPd Exploit
- Privilege Escalation with Path Variable Manipulation
Blue - Eternal Blue (ms17-010)
- Use of msfconsole
Basic Pentesting - enum4linux
- SSH Password Cracking via Hydra
- linPEAS
- Cracking SSH Private Key via JohnTheRipper
Classic Passwd - Reverse Engineering using ltrace
JPGChat - Source Code Reading
- Python Library Manipulation
Regular expressions - Basics of RE
Crack the hash - Crack Station
- Hash Analyzer
- HashCat
- JohnTheRipper
tomghost - AJP Exploit (CVE-2020-1938)
- GPG Cracking via JohnTheRipper
Team - Source Code Reading
- Virtual Host Routing
- Subdomains Finder via WFUZZ
- LFI
- linPEAS
- CronJobs
Mr. Robot CTF - GoBuster Scan
- Web Login Dictionary Attack via BurpSuite
- PHP Reverse Shell
- SUID via Nmap
OhSINT - exiftool
Simple CTF - CMS Made Simple (CVE-2019-9053)
- SQLi
Pickle Rick - Source Code Read
- Command Injection Vulnerability
CTF collection Vol.1 —–
Badbyte - FTP Anonymous Login
- SSH Password Cracking via JohnTheRipper
- SSH Port Forwarding
- WordPress Plugins Enumeration
- WordPress File Manager RCE
Bounty Hacker - FTP Anonymous Login
- SSH Password Cracking via Hydra
- Privilege Escalation via tar
Metasploit —-
Lazy Admin - Recursive Directory Enumeration
- MySQL Backup File Enumeration
- Sweet Rice XSS Exploit
- Privilege Escalation via adding bash to a file
Overpass - Source Code Reading
- Broken Authentication Exploit via BurpSuite
- SSH Private Key Cracking via JohnTheRipper
- Privilege Escalation via CronJobs
- Working with Host File
Anonymous - Samba Enumeration
- FTP Anonymous Login
- File Content Manipulation (CronJobs)
VulnNet: Node - NodeJS Express Framework Exploit via Cookies
- File Content Manipulation
Anonforce - FTP Anonymous Login
- GPG Password Cracking via JohnTheRipper
- Password Cracking via HashCat
Thompson - Tomcat Error Page
- WAR File Exploit
Ignite - Fuel CMS RCE (CVE-2018-16763)
- Default Credentials
Startup - FTP Anonymous Login
- Wireshark (Follow TCP Stream)
Brooklyn Nine Nine - FTP Anonymous Login
- SSH Password Cracking via Hydra
- Privilege Escalation via less
Hydra - Basic of Hydra
- Crack Post Web Form
- Crack SSH
Chocolate Factory - FTP Anonymous Login
- Command Injection Vulnerability
- Reverse Engineering
- SUIDs