TryHackMe Writeups
TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
ROOMS
Name | Description |
---|---|
Vulnversity | - File Upload Vulnerability - Privilege Escalation via systemctl |
Kenobi | - Samba Share Enumeration - ProFTPd Exploit - Privilege Escalation with Path Variable Manipulation |
Blue | - Eternal Blue (ms17-010) - Use of msfconsole |
Basic Pentesting | - enum4linux - SSH Password Cracking via Hydra - linPEAS - Cracking SSH Private Key via JohnTheRipper |
Classic Passwd | - Reverse Engineering using ltrace |
JPGChat | - Source Code Reading - Python Library Manipulation |
Regular expressions | - Basics of RE |
Crack the hash | - Crack Station - Hash Analyzer - HashCat - JohnTheRipper |
tomghost | - AJP Exploit (CVE-2020-1938) - GPG Cracking via JohnTheRipper |
Team | - Source Code Reading - Virtual Host Routing - Subdomains Finder via WFUZZ - LFI - linPEAS - CronJobs |
Mr. Robot CTF | - GoBuster Scan - Web Login Dictionary Attack via BurpSuite - PHP Reverse Shell - SUID via Nmap |
OhSINT | - exiftool |
Simple CTF | - CMS Made Simple (CVE-2019-9053) - SQLi |
Pickle Rick | - Source Code Read - Command Injection Vulnerability |
CTF collection Vol.1 | —– |
Badbyte | - FTP Anonymous Login - SSH Password Cracking via JohnTheRipper - SSH Port Forwarding - WordPress Plugins Enumeration - WordPress File Manager RCE |
Bounty Hacker | - FTP Anonymous Login - SSH Password Cracking via Hydra - Privilege Escalation via tar |
Metasploit | —- |
Lazy Admin | - Recursive Directory Enumeration - MySQL Backup File Enumeration - Sweet Rice XSS Exploit - Privilege Escalation via adding bash to a file |
Overpass | - Source Code Reading - Broken Authentication Exploit via BurpSuite - SSH Private Key Cracking via JohnTheRipper - Privilege Escalation via CronJobs - Working with Host File |
Anonymous | - Samba Enumeration - FTP Anonymous Login - File Content Manipulation (CronJobs) |
VulnNet: Node | - NodeJS Express Framework Exploit via Cookies - File Content Manipulation |
Anonforce | - FTP Anonymous Login - GPG Password Cracking via JohnTheRipper - Password Cracking via HashCat |
Thompson | - Tomcat Error Page - WAR File Exploit |
Ignite | - Fuel CMS RCE (CVE-2018-16763) - Default Credentials |
Startup | - FTP Anonymous Login - Wireshark (Follow TCP Stream) |
Brooklyn Nine Nine | - FTP Anonymous Login - SSH Password Cracking via Hydra - Privilege Escalation via less |
Hydra | - Basic of Hydra - Crack Post Web Form - Crack SSH |
Chocolate Factory | - FTP Anonymous Login - Command Injection Vulnerability - Reverse Engineering - SUIDs |