Skip to main content

THM | Vulnversity

· 3 min read

Basic Computer Exploitation | Vulnversity | Summary:

This series of walkthroughs aims to help out complete beginners with finishing the Complete Beginner path on the TryHackMe website. It is based on the learning content provided in the Vulnversity room.

Disclaimer: Please note that this write-up is NOT intended to replace the original room or its content, but rather serve as supplementary material for those who are stuck and need additional guidance.

Task | 1 | Deploy the machine

Question 1: Deploy the machine.

No answer needed

Task | 2 | Reconnaissance

Question 1: There are many Nmap "cheatsheets" online that you can use too.

No answer needed

Question 2: Scan the box; how many ports are open?

6

Question 3: What version of the squid proxy is running on the machine?

3.5.12

Question 4: How many ports will Nmap scan if the flag -p-400 was used?

400

Question 5: What is the most likely operating system this machine is running?

Ubuntu

Question 6: What port is the web server running on?

3333

Question 7: It's essential to ensure you are always doing your reconnaissance thoroughly before progressing. Knowing all open services (which can all be points of exploitation) is very important, don't forget that ports on a higher range might be open, so constantly scan ports after 1000 (even if you leave checking in the background).

No answer needed

Question 8: What is the flag for enabling verbose mode using Nmap?

-v

Task | 3 | Locating directories using Gobuster

Question 1: I have successfully configured Gobuster.

No answer needed

Question 2: What is the directory that has an upload form page?

/internal/

Task | 4 | Compromise the Webserver

Question 1: What common file type you'd want to upload to exploit the server is blocked? Try a couple to find out.

.php

Question 2: I understand the Burpsuite tool and its purpose during pentesting.

No answer needed

Question 3: What extension is allowed after running the above exercise?

.phtml

Question 4: While completing the above exercise, I have successfully downloaded the PHP reverse shell.

No answer needed

Question 5: What is the name of the user who manages the webserver?

bill

Question 6: What is the user flag?

<flag>

Task | 5 | Privilege Escalation

Question 1: On the system, search for all SUID files. Which file stands out?

/bin/systemctl

Question 2: What is the root flag value?

<flag>