https://github.com/zeyu-li/tryhackme
Hacker Man π¨βπ»
https://github.com/zeyu-li/tryhackme
hacking security tryhackme vulnversity writeups
Last synced: 22 days ago
JSON representation
Hacker Man π¨βπ»
- Host: GitHub
- URL: https://github.com/zeyu-li/tryhackme
- Owner: Zeyu-Li
- Created: 2021-03-04T17:14:09.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2023-05-19T03:55:17.000Z (almost 3 years ago)
- Last Synced: 2025-10-09T10:17:57.834Z (5 months ago)
- Topics: hacking, security, tryhackme, vulnversity, writeups
- Homepage: https://tryhackme.com/
- Size: 1.91 MB
- Stars: 9
- Watchers: 3
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Try Hack Me Solutions
[tryhackme.com](https://tryhackme.com/) is a website containing cyber security problems/questions.
Try Hack Me is organized into rooms that might have many problems relating to a central theme. To attempt the problems, one needs to open a connection to AttackBox, a web-based connection to a Kali machine. Alternatively you can use OpenVPN. For free users there exists a time limit on using the machine, but people with subscriptions, it is unlimited max machine open is 3.
## Path
1. Start with the tutorial which will help you set up
2. Next do an easy challenges such as [Vulnversity](https://tryhackme.com/room/vulnversity) although this one is a bit long and something like [Web Fundamentals](https://tryhackme.com/room/webfundamentals) might be easier
3. Do some more easy/tutorial ones to get your feet wet
## Index
1. [Tutorial](#begin)
2. [How to use TryHackMe](htuthm)
3. [Welcome](#welcome)
4. [OpenVPN](#openvpn)
5. [Web Fundamentals](#webf)
6. [Intro to Python](#python)
7. [Burp Suite](#burp)
8. [Linux Series (1-3)](#linux)
1. [Part 1](#l1)
2. [Part 2](#l2)
3. [Part 3](#l3)
9. [Windows Intro](#introwindows)
10. [Google Dorking](#googled)
11. [How Websites Work](#introwebsite)
12. [Introductory Networking](#inetwork)
13. [Hashing - Crypto 101](#hash101)
14. [Intro Shells](#ishell)
15. [Nmap](#nmap)
16. [Hydra](#hydra)
17. [HTTP in detail](#http)
18. [Putting it all together](#putting)
19. [Active Directory Basics](#adb)
20. [John the Ripper](#john)
21. [Common Linux Privesc](#CLP)
22. [Metasploit](#Metasploit)
23. [Encryption - Crypto 101](#encryption)
24. [Linux PrivEsc](#linuxesc)
25. [DNS in Detail](#dns)
26. [Vulnversity](#vulnversity)
27. [Network Services](#ns)
28. [Network Services 2](#ns2)
29. [OhSINT](#OhSINT)
30. [OWASP Top 10](#owasp)
31. [OWASP Juice Shop](#owaspjs)
32. [Upload Vulnerabilities](#upload)
33. [Kenobi](#Kenobi)
34. [Basic Pentesting](#bp)
35. [Mr Robot CTF](#mrrobot)
36. [Blue](#blue)
37. [Ice](#ice)
38. [Steel Mountain](#sm)
39. [Nessus](#Nessus)
40. [Pickle Rick](#pickle)
41. [Wireshark 101](#wireshark)
42. [Attacktive Directory](#attacktive)
43. [Post-Exploitation Basics](#peb)
44. [Attacking Kerberos](#attackk)
45. [Introduction to Django](#django)
### [Tutorial](https://tryhackme.com/room/tutorial)
1. Start a machine, this will take ~ 1-2 minutes for pro accounts
2. (Recommended) have two windows if 2+ monitors, 1 for Kali Linux window and another for the instructions
3. Follow instructions to get the flag and submit it
### [How to use TryHackMe](https://tryhackme.com/room/tutorial)
Similar to Tutorial (above), however you don't need to do `Start AttackBox`
### [Welcome](https://tryhackme.com/room/hello)
A nice intro to TryHackMe
### [OpenVPN](https://tryhackme.com/room/openvpn)
1. Download OpenVPN and install it
2. Download the configuration files from TryHackMe
3. Load the config file onto OpenVPN
4. Connect
5. ssh into server
### [Web Fundamentals](https://tryhackme.com/room/webfundamentals)
Good place to start out
Instead of using curl in the command line, using postman to send requests might be easier
### [Intro to Python](https://tryhackme.com/room/introtopython)
Trivial
Do for last step (\* note txt is the text file containing the task file)
```python
import base64
with open("txt", "r") as fp:
flag = f.read()
for i in range(5):
flag = base64.b16decode(flag)
for i in range(5):
flag = base64.b32decode(flag)
for i in range(5):
flag = base64.b64decode(flag)
print(flag)
```
Then run with `python3 t.py` or whatever you named your python file
### [Burp Suite](https://tryhackme.com/room/rpburpsuite)
Follow instructions, mostly straight forward
Task 6 (some step in the middle) the question that starts with "Return to your web browser and navigate to the web application hosted on the VM we deployed just a bit ago", this web application is deployed/started in Task 6 (show below)
The URL to enter is the one at the top of the page in a red box (see below)
### [Linux Series](#)
#### 1. [Part 1](#https://tryhackme.com/room/linux1)
Simple and easy -> do it in any Linux distro except for **Task 9**, but that's just my friend *pinguftw* for the answer if you can't be bothered to run the binary :p
#### 2. [Part 2](https://tryhackme.com/room/linux2)
\* Remember to start the machine (which is different from the attack box)
This one has a lot of useful information and here are some that I did not know:
* `;` operator is the same as `&&` but does not need to execute successfully
#### 3. [Part 3](https://tryhackme.com/room/linux3)
This part goes through some more tools and commands for us to go into.
Task 7 -> `find / -name shiba4 2>/dev/null` (idk what `2>/dev/null` does but it works)
### [Windows Intro](https://tryhackme.com/room/intro2windows)
A simple intro to the Windows operating system. This barely counts as a room, but it is what it is.
### [Google Dorking](https://tryhackme.com/room/googledorking)
Google, SEO, and indexing!
Notice for me:
### [How Websites Work](https://tryhackme.com/room/howwebsiteswork)
Easy intro into web dev and how websites work
### [Introductory Networking](https://tryhackme.com/room/introtonetworking)
Networking stuff (Mostly IT/network stuff)
### [Hashing - Crypto 101](https://tryhackme.com/room/hashingcrypto101)
Intro cryptography
Task 4, Last question -> check length with Python
`len("HASH")`
For Task 5, to crack, use
`hashcat -m NUM hash rockyou.txt ` where hash is the txt file containing the hash and change NUM to whatever the code for your hash type (found here: https://hashcat.net/wiki/doku.php?id=example_hashes). Also note that rockyou.txt was saved in the same directory level as the hash file
\* Note this may take a while
### [Intro Shell](https://tryhackme.com/room/introtoshells)
You can do the questions in order, but a better idea is to go to the bottom (task 14/15), start those machines and test the other tests with the open machine while AttackBox is open
### [Nmap](https://tryhackme.com/room/furthernmap)
Task 3 -> recommended to redirect output to text file like this
`nmap -h > t.txt` then grep the output of the t.txt to find the answer like this
`cat t.txt | grep -in -e 'FIND TEXT'`
To get the answers most of the time and line number if you do not find it immediately
### [Hydra](https://tryhackme.com/room/hydra)
Nice and simple intro to Hydra (you can use Burp for intercept)
\* note the usual word list rock you and it is found in `/usr/share/wordlists/rockyou.txt ` on the attack box by default
### [HTTP in detail](https://tryhackme.com/room/httpindetail)
Some simple questions to get you to know HTTP and the web
### [Putting it all together](https://tryhackme.com/room/puttingitalltogether)
Now with the other modules completed, put it all together and finish the quiz, good luck!
### [Active Directory Basics](https://tryhackme.com/room/activedirectorybasics)
Reading assignment :weary:
(Don't be afraid to use the hint for the second last part)
### [John The Ripper](https://tryhackme.com/room/johntheripper0)
Use rockyou.com for test: [rockyou.txt wordlist](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt)
For cracking in task 4, use `john hashX.txt --wordlist=../rockyou.txt` if rockyou.txt is in the directory above yours
In Task 9-11, zip2john, rar2john, and ssh2john are not found so install it manually or just enter
`pass123` as the passcode zip and
`password` for the rar (you also need unrar)
`mango` for the ssh key
### [Common Linux Privesc](https://tryhackme.com/room/commonlinuxprivesc)
This video series covers this room in great detail: https://www.youtube.com/watch?v=PjjuZwVvCgc
### [Metasploit](https://tryhackme.com/room/rpmetasploit)
Follow the steps and/or watch the video (which contain the answers)
### [Encryption - Crypto 101](https://tryhackme.com/room/encryptioncrypto101)
Task 4 -> use python interrater
### [Linux PrivEsc](https://tryhackme.com/room/linuxprivesc)
Good resource for escalation later on (definitely a good bookmark)
### [DNS in Detail](https://tryhackme.com/room/dnsindetail)
Find out what a DNS is
### [Vulnversity](https://tryhackme.com/room/vulnversity)
1. Run `nmap -A -sC -p- -oN vul.nmap 10.10.IP ADDRESS HERE*` on the instance of Kali
2. Wait >10 minutes for it to resolve
3. Scan for hidden files by doing `gobuster dir -u http://:3333 -w /usr/share/wordlists`
4. Go to the \/internal/index.html on firefox (**Make sure u aren't using http or https before the url**)
5. Follow the rest of the steps till yo get to injecting the PHP code
6. Make sure download the PHP file from GitHub, rename it to be a .phtml and change the IP to the TMP IP address
7. Save, upload, listen, then submit file
8. Then the netcat should allow you in such that you can gain control and find out things about the machine
9. Follow https://n0w4n.nl/vulnversity/#crayon-60458bd07482b875406373 to gain admin privileges
10. Follow the rest of the instructions and you should be done! π₯³
Resources:
* https://n0w4n.nl/vulnversity/
* https://www.youtube.com/watch?v=hvYWCegfEZs&ab_channel=JohnHammond
### [Network Services](https://tryhackme.com/room/networkservices)
see [YouTube 1](https://www.youtube.com/watch?v=eedTXtYiOK4), [YouTube 2](https://www.youtube.com/watch?v=qcvZ2Jm8fPU), or [YouTube 3](https://www.youtube.com/watch?v=18bHDxj1JpE) for hints
### [Network Services 2](https://tryhackme.com/room/networkservices2)
`/usr/sbin/showmount` is just `showmount` (Task 3)
Some parts maybe broken like the MySQL (also need to install MySQL)
A very good writeup: http://wuvel.net/network-services-2/#:~:text=What%20process%20allows%20an%20NFS,Mounting.
### [OhSINT](https://tryhackme.com/room/ohsint)
MSINT fun. Do some googling and don't be afraid of using the hint
For SSID of WAP, the website has changed the the answer is `UnileverWiFi`
Last question requires you to look in the source code (under the header)
### [OWASP Top 10](https://tryhackme.com/room/owasptop10)
Follow the steps till task 7, where the arthur task might be broken. Therefore the password is `d9ac0f7b4fda460ac3edeb75d75e16e`
In severity 3, you go into SQL. Notes on SQLite3:
* find the structure of the table with `.schema TABLE_NAME` in sqlite3
SSH key is usually located at `/home/falcon/.ssh/id_ra`
In take 16, it can be annoying to get the first 18 characters so use python by specifying
```python
a = "KEY"
print(a[:18])
```
Severity 6: MSINT
Severity 7: Note that the alert must be case sensitive (ie `Hello`)
Severity 8: Task 21 is a trick question since it's `the Apache Software Foundation` π
also note the first flag (cookie) requires a decoder
### [OWASP Juice Shop](https://tryhackme.com/room/owaspjuiceshop)
Note the best1050 wordlist from task 4 exists in `/usr/share/wordlists/SecLists/Passwords/Common-Credentials` (also that question takes a long time because burp wants you to buy premium)
### [Upload Vulnerabilities](https://tryhackme.com/room/uploadvulns)
Make sure you follow tasks 1 otherwise, the website will not work. In addition, when entering the website via firefox, if it is not showing the website and redirecting to Google, please do `overwrite.uploadvulns.thm/` (with the slash). Follow the steps and have fun with the challenge!
### [Kenobi](https://tryhackme.com/room/kenobi)
Follow the steps are the rest is trivial
### [Basic Pentesting](https://tryhackme.com/room/basicpentestingjt)
Check The video (https://www.youtube.com/watch?v=xl2Xx5YOKcI)
This room should be done near the end because it requires a bunch of other tools and it requires you know how to pentest starting from nothing
### [Mr Robot CTF](https://tryhackme.com/room/mrrobot)
This is similar to [Blue](#blue), or at least the steps are the same, just some praxis
### [Blue](https://tryhackme.com/room/blue)
The behaviour of msfconsole may vary on your machine and therefore you may have to background once you do `run`. Sometimes the run will fail and you may need to restart the machine
(This room is a bit finicky)
### [Ice](https://tryhackme.com/room/ice)
1561 is the one we want in task 3
Here I will break down the steps for general cracking:
1. Scan and recon
2. Hopefully find an exploit
3. Use metasploit (msfconsole)
1. search for the exploit found
2. set to use the exploit (with `use NUMBER`)
3. set the host/port
4. run (the exploit at the host)
4. Pray that you are successful
5. Escalate
### [Steel Mountain](https://tryhackme.com/room/steelmountain)
Yet another Mr. Robot room π
In task 2 the name of the webserver starts with the word `rejetto`
\*note the flag is in Desktop
### [Nessus](https://tryhackme.com/room/rpnessusredux)
Unless you have 30GB of space or don't want to waste 30GB, don't do this room!
If me want the badge (π₯Ίππ), follow this tutorial: https://www.youtube.com/watch?v=JMyuEiz1dWQ
### [Pickle Rick](https://tryhackme.com/room/picklerick)
I turned myself into a CTF room Morty...
Follow the video but at this point, you should know your way around by now
### [Wireshark 101](https://tryhackme.com/room/wireshark)
Wireshark on the Attack machines can be opened with the `wireshark` command
In task 8, the last question requires it without the colon so use python to remove them
```python
a = 'STRING HERE'
b = ''
for char in a:
if char != ':':
b += char
print(b)
```
### [Attacktive Directory](https://tryhackme.com/room/attacktivedirectory)
Programs should be installed by default on attack machines.
### [Post-Exploitation Basics](https://tryhackme.com/room/postexploit)
What do you do after you exploit the system? Well this room will let you find out how persistently stay on the system!
### [Attacking Kerberos](https://tryhackme.com/room/attackingkerberos)
Kerberos must be installed in the Attack machines because dogs go waff waff hehe.
### [Introduction to Django](https://tryhackme.com/room/django)
A nice intro to starting Django (Python web framework) development
For user flag, hint is look in `/home` after ssh
## CI for PDF
## Thanks π
Thanks for taking time to look at these hints for TryHackMe. I hope this helped and by the end you would have reached Hacker rank and ~13,000 rank/500,000 users
π[Back to Top](#top)