RootMe is a CTF for beginners. It was the first TryHackMe box I completed entirely by myself. It’s pretty easy to hack, but it did introduce a few wrinkles I hadn’t encountered before. For example, I had to research how to bypass file upload restrictions. I ended up using an alternative extension to upload a PHP file. That allowed me to establish a reverse shell. Ultimately, I was able to gain root and hack the box. Here’s a brief overview of some of the techniques used:
Sound good? Let’s start hacking!
Brute It is a box designed to practice brute forcing passwords, cracking hashes, and escalating privileges. It is a fairly easy box, however there are still many commands one must use to gain root and some them can be tricky. The good news is there’s no IDS/IPS or WAF to worry about, so stealth is not a concern we will take into account with this hack. We will be using aggressive scans and Gobuster. Here’s a high level overview of the the hack:
All in all, it can be completed in less…
This basic machine allows you to practice web app hacking and privilege escalation. It is part of the free TryHackMe boxes and designed to teach basic penetration techniques. At a high level, these techniques are as follows:
I started by using sudo openvpn to connect to TryHackMe as was assigned a virtual IP. The target had an IP address of 10.10.34.1 and I was given one hour to complete the hack. And away we go!
I like to start my hacks by creating a folder for each box I hack…
Just a hackerman doing what hackermen do