TryHackMe challenge solutions and walkthroughs
Exploit a vulnerable FUEL CMS installation through a critical RCE vulnerability (CVE-2018-16763), then escalate privileges via password reuse. A classic lesson in default configs and unpatched software.
A Rick and Morty themed TryHackMe CTF challenge. Exploit a web server to find three ingredients to help Rick make his potion and turn back from a pickle.
Enumerate a vulnerable web application and exploit XXE to read sensitive files, then escalate privileges through a Python script vulnerability.
Discover a hidden FTP server and crack passwords to gain initial access. Use steganography and hash cracking to escalate privileges.
A Terminator-themed room featuring Samba enumeration, CuppaCMS exploitation via Remote File Inclusion, and cron job privilege escalation.
Exploit a PHP 8.1.0-dev supply chain backdoor to gain instant root access on a web server. A quick but powerful reminder that even trusted software can be weaponized.
Learn brute-force attack techniques against web login forms and SSH, crack password hashes, and escalate privileges via sudo misconfiguration.
A beginner-friendly room focusing on web exploitation through file upload vulnerabilities and Linux privilege escalation via SUID binaries.