
TryHackMe: year of the dog
The challenge focuses on Linux forensics and log analysis to investigate suspicious activity. You'll analyze command history and system files to uncover how the attacker operated and maintained access.

I started the Rabbit Store challenge by taking advantage of a mass assignment vulnerability to create an already activated account. This gave us access to an API endpoint that was vulnerable to Server-Side Request Forgery (SSRF). Using the SSRF, we found the API documentation, which led us to another endpoint with a Server-Side Template Injection (SSTI) vulnerability. I exploited that to get Remote Code Execution (RCE) and opened a shell on the server.

A medium-rated TryHackMe room that focuses on exploiting vulnerabilities in a WordPress site and performing privilege escalation to obtain the flag.

The Billing room on TryHackMe teaches you how to exploit a vulnerable billing system using basic web hacking techniques.

All tools in Kali Tools in their category

Implementing your own military-grade encryption is usually not the best idea.

How insecure FTP configurations, overly permissive NFS exports, and poorly coded set-UID scripts can be chained together to achieve full system compromise.

Pyrat room is a beginner-friendly Capture The Flag (CTF) challenge focused on exploiting a vulnerable Python-based web application. The machine hosts a Python interpreter over a raw TCP connection, allowing arbitrary code execution. The challenge involves gaining a reverse shell, enumerating hidden credentials in a Git repository, escalating privileges from a web user to the main user, and finally gaining root access by analyzing an insecure custom RAT (Remote Access Tool). This room teaches skills in enumeration, reverse shell creation, Git credential leaks, and basic privilege escalation.

This room teaches how to bypass PHP disabled functions, commonly used in Web CTFs and real-world restricted environments.