TryHackMe: Dave's Blog
This box is rated hard difficulty on THM. It involves using NoSQL injection in JSON format to bypass a login panel, getting a reverse shell with the site’s built-in command prompt, and exploiting a...
Box link: https://tryhackme.com/room/ra2 This box is rated hard difficulty on THM and is the second installment of the Windcorp series. It involves us enumerating a backup folder which holds a ce...
This box is rated medium difficulty on THM and has many web parts for us to attack. It involves us brute forcing an account and OTP code with custom wordlists, exploiting LFI to read the applicatio...
This box is rated medium difficulty on THM and is a simulation of a real intermediate penetration test. It involves us uploading an aspx shell via an SMB share exposed to the web and escalating pri...
This box is rated medium difficulty on THM. It involves us finding the correct SSH port with a binary search, solving a Vigenère cipher to get credentials for a low priv user, and utilizing a slew ...
This box is rated medium difficulty on THM. It involves us brute forcing a WordPress login, grabbing a low level shell via a known upload vulnerability, and a cool privilege escalation method to ro...
This box is rated hard difficulty on THM. It involves us brute forcing steganography on an image using a wordlist found with it, uploading a shell via FTP & enumerating a subdomain to execute i...
This box is rated medium difficulty on THM. It’s centered around us finding login credentials and exploiting three binaries in different ways. Escalate your privileges by exploiting vulnerable bin...
Box link: https://tryhackme.com/room/ra This box is rated hard difficulty on THM. It involves us using information gathered to reset a password, capturing a user’s hash with a lesser-known exploit...
This box is rated medium difficulty on THM. It involves us brute forcing a login panel, exploiting a known vulnerability within the Codiad framework, and escalating privileges to root by writing to...