TryHackMe - Easy

Writeups for 'Easy' level TryHackMe rooms

TryHackMe CTF: agentsudoctf (Easy)

Utilizes steganography tools (binwalk and steghide) to extract hidden data from images. Employs zip2john to crack a password-protected archive and Base64 decoding to recover credentials. Achieves privilege escalation by exploiting the CVE-2019-14287 sudo vulnerability.

TryHackMe CTF: basicpentestingjt (Easy)

Uses enum4linux for Samba user enumeration and Hydra for brute-forcing SSH credentials. Exploits a readable SSH private key by cracking its passphrase with ssh2john, then leverages misconfigured sudo permissions for privilege escalation.

TryHackMe CTF: billing (Easy)

Exploits MagnusBilling CMS via CVE-2023-30258 to achieve initial access with a PHP reverse shell. Leverages a Fail2ban misconfiguration for privilege escalation, gaining root access by manipulating its ban actions.

TryHackMe CTF: bruteit (Easy)

Employs Hydra for brute-forcing admin credentials on a web portal, then uses ssh2john to crack an encrypted RSA private key. Achieves privilege escalation by exploiting sudo permissions on the cat command to read restricted files.

TryHackMe CTF: chillhack (Easy)

Bypasses command filtering on a web panel using backslash character escapes to upload and execute a PHP reverse shell. Extracts MySQL credentials from PHP files, pivots through multiple user accounts, and finally escapes Docker container restrictions to gain root access.

TryHackMe CTF: cowboyhacker (Easy)

Exploits anonymous FTP access to retrieve a password list, then uses Hydra to brute-force SSH credentials. Achieves privilege escalation by leveraging sudo permissions on the tar command to execute arbitrary commands as root.

TryHackMe CTF: crackthehash (Easy)

Demonstrates various hash cracking techniques using both online tools like Crackstation and local utilities including hashcat and John the Ripper. Covers identification and cracking of MD5, SHA1, SHA256, SHA512, and bcrypt hash formats.

TryHackMe CTF: fowsniff-ctf (Easy)

Exploits a data breach by utilizing leaked MD5 password hashes found through OSINT. Employs POP3 password reuse to gain initial access, then escalates privileges by modifying a world-writable Python script run from the crontab so that it executes a reverse shell as root.

TryHackMe CTF: ignite (Easy)

Exploits a vulnerable Fuel CMS installation using a remote code execution vulnerability (CVE-2018-16763) to gain a reverse shell. Discovers hardcoded database credentials in configuration files, which are reused as the root password for the system.

TryHackMe CTF: inclusion (Easy)

Exploits a simple Local File Inclusion (LFI) vulnerability in a web application's article parameter to read sensitive system files. Leverages directory traversal via ../../../../ syntax to access /etc/passwd for user enumeration and to read both the user and root flag files directly.

TryHackMe CTF: lazyadmin (Easy)

Exploits a vulnerable SweetRice CMS installation by accessing exposed MySQL database backups containing admin credentials. Bypasses upload restrictions to gain initial access through a PHP reverse shell, then escalates privileges by leveraging a sudo permission on a Perl script.

TryHackMe CTF: overpass (Easy)

Exploits a client-side authentication bypass by manually setting a cookie to access the restricted admin area. Cracks an SSH private key using ssh2john and achieves privilege escalation through a vulnerable cron job that relies on a hosts file which can be manipulated.

TryHackMe CTF: picklerick (Easy)

Discovers credentials through HTML source code comments and the robots.txt file to access a command panel. Exploits unrestricted command execution on the web server and leverages NOPASSWD sudo privileges for full system access.

TryHackMe CTF: startup (Easy)

Leverages a writable FTP directory to upload and execute a PHP reverse shell. Gains user access by extracting a password from a pcap file. Achieves root by exploiting a scheduled script with writable dependencies.

TryHackMe CTF: tomghost (Easy)

Exploits the Apache Tomcat Ghostcat vulnerability (CVE-2020-1938) in the AJP connector to gain initial access. Uses gpg2john to crack a PGP key passphrase and exploits a sudo permission on the zip utility for privilege escalation.