TryHackMe

Overview Room URL: https://tryhackme.com/room/solar Difficulty: Medium Time to complete: 60 Walkthrough 1. CVE-2021-44228 Introduction No answer needed! 2. Reconnaissance What service is running on port 8983? (Just the name of the software) nmap -sV -p 8983 <MACHINE_IP> => Answer: Apache Solr 3. Discovery Take a close look at the first page visible when navigating to http://MACHINE_IP:8983. You should be able to see clear indicators that log4j is in use within the application for logging activity. What is the -Dsolr.log.dir argument set to, displayed on the front page? ...

Overview Room URL: https://tryhackme.com/room/owaspjuiceshop Difficulty: Easy Time to complete: 120 Walkthrough 1. Open for business! No answer needed! 2. Let’s go on an adventure! Question #1: What’s the Administrator’s email address? => Answer: admin@juice-sh.op Question #2: What parameter is used for searching? => Answer: q Question #3: What show does Jim reference in his review? => Answer: Star Trek 3. Inject the juice Question #1: Log into the administrator account! Using Burp Suite, change the email value to: "' OR 1=1 --" and forward ...

Overview Room URL: https://tryhackme.com/room/inputmanipulationpromptinjection Difficulty: Easy Time to complete: 45 Walkthrough 1. Introduction No answer needed! 2. System Prompt Leakage What do we call the exposure of hidden system instructions? => Answer: leakage 3. Jailbreaking What evasive technique replaces or alters characters to bypass naive keyword filters? => Answer: Obfuscation 4. Prompt Injection Which injection type smuggles instructions via uploaded documents, web pages, or plugins? => Answer: Indirect Which injection type places malicious instructions directly in the user input? ...

Overview Room URL: https://tryhackme.com/room/puttingitalltogether Difficulty: Easy Time to complete: 15 Walkthrough 1. Putting It All Together No answer needed! 2. Other Components What can be used to host static files and speed up a clients visit to a website? => Answer: CDN What does a load balancer perform to make sure a host is still alive? => Answer: health check What can be used to help against the hacking of a website? ...

Overview Room URL: https://tryhackme.com/room/howwebsiteswork Difficulty: Easy Time to complete: 25 Walkthrough 1. How websites work What term best describes the component of a web application rendered by your browser? => Answer: Front End 2. HTML One of the images on the cat website is broken - fix it, and the image will reveal the hidden text answer! Change the <img src='img/cat-2'> to <img src='img/cat-2.jpg'>: => Answer: HTMLHERO Add a dog image to the page by adding another img tag (<img>) on line 11. The dog image location is img/dog-1.png. What is the text in the dog image? ...

Overview Room URL: https://tryhackme.com/room/linuxstrengthtraining Difficulty: Easy Time to complete: 45 Walkthrough 1. Intro No answer needed! 2. Finding your way around linux - overview What is the correct option for finding files based on group => Answer: -group What is format for finding a file with the user named Francis and with a size of 52 kilobytes in the directory /home/francis/ => Answer: find /home/francis -type f -user Francis -size 52k ...

Overview Room URL: https://tryhackme.com/room/toolboxvim Difficulty: Easy Time to complete: 45 Walkthrough 1. Task 1 No answer needed! 2. Task 2 How do we enter "INSERT" mode? => Answer: i How do we start entering text into our new Vim document? => Answer: typing How do we return to command mode? => Answer: esc How do we move the cursor left? => Answer: h How do we move the cursor right? ...

Overview Room URL: https://tryhackme.com/room/linuxprivesc Difficulty: Medium Time to complete: 75 Walkthrough 1. Deploy the Vulnerable Debian VM Deploy the machine and login to the "user" account using SSH. sudo openvpn <file>.ovpn No answer needed! Run the "id" command. What is the result? user@debian:~$ id uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev) => Answer: uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev) 2. Service Exploits No hints needed! 3. Weak File Permissions - Readable /etc/shadow What is the root user's password hash? ...

Overview Room URL: https://tryhackme.com/room/networktrafficbasics Difficulty: Easy Time to complete: 60 Walkthrough 1. Introduction No hints needed! 2. What is the Purpose of Network Traffic Analysis? What is the name of the technique used to smuggle C2 commands via DNS? => Answer: DNS Tunneling 3. What Network Traffic Can We Observe? Look at the HTTP example in the task and answer the following question: What is the size of the ZIP attachment included in the HTTP response? Note down the answer in bytes. ...

This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving. SQL Injection Room - Learn how to detect and exploit SQL Injection vulnerabilities Overview Room URL: https://tryhackme.com/room/sqlinjectionlm Difficulty: Medium Time to complete: 30 Walkthrough 1. Brief What does SQL stand for? => Answer: Structured Query Language ...