TryHackMe: Year Of The Jellyfish
Box link: https://tryhackme.com/room/yearofthejellyfish This box is ranked hard difficulty on THM. It involves us enumerating subdomains on a webserver, leading to a known RCE vulnerability on Mon...
Box link: https://tryhackme.com/room/yotf This box is ranked hard difficulty on THM. It involves us brute forcing a webpage login, getting a reverse shell via RCE, port forwarding SSH for a login,...
Box link: https://tryhackme.com/room/yearofthedog This box is ranked hard difficulty on THM. It involves us using SQLi to get a webshell on the system, a good bit of internal enumeration, and an i...
This box is ranked medium on THM. It involves us mounting a file share to get access to RSA key pair integers, which we can use to recover an SSH private key. After cracking that we abuse sudo priv...
This box is rated medium difficulty on THM. It involves us exploiting an LFI vulnerability to leak credentials, uploading a reverse shell via FTP, and pivoting through five accounts to snag all fla...
This box is ranked easy difficulty on THM. It involves us exploiting Apache Jserv to read files arbitrarily, leading to an encrypted PGP file and a binary exploit we can use to get root privileges....
This box is the first of five side quest challenges in THM’s Advent of Cyber ’25. It’s ranked hard difficulty and is easily the most time-consuming of all. It involves us gathering OSINT to brute f...
This box is rated hard difficulty on THM, it involves us using SQL injection to dump passwords, using a known binary exploit with Sudo to grab root privileges on the system, and searching for hidde...
This box is rated hard difficulty on THM. It involves us brute forcing a WordPress website with XML-RPC enabled, updating our profile to allow for admin permissions, and a cool Python module privil...
This box is rated hard difficulty on THM. It involves us brute forcing an admin login on a subdomain, grabbing a shell via SSRF in a query search function, and impersonating another account with an...