Exploring Basic Penetration Testing with TryHackMe

Richin Richin
Jun 26, 2024

First, I registered on TryHackMe and connected to their network using OpenVPN, a standard step for most cybersecurity platforms. Once connected, I searched with the filter set to “Easy” and chose the Basic Penetration Testing room. After deploying the associated machine, it was live, and I was ready to begin my tasks.

The first task was to find the services exposed by the machine. I used the Nmap tool to scan for open ports. The scan results showed that ports 22 (SSH), 80 (HTTP), 139 (NetBIOS-SSN), and 445 (Microsoft-DS) were open. This information was crucial as it indicated the services running on the machine and potential entry points.

Next, I navigated to the website hosted on port 80. The page displayed a maintenance message, but the source code mentioned a “dev notes” section. To find more hidden directories, I used a tool called Gobuster. Inside, I found two text files: “dev.txt” and “j.txt.” The “dev.txt” file mentioned that the web application was using Apache Struts version 2.5.12. The “j.txt” file hinted at the users “Jan” and “Kay.”

With ports 139 and 445 open, I decided to explore SMB shares. I used the Enum4Linux tool to enumerate the shares and users. The output revealed two users, “Jan” and “Kay.” Knowing the usernames was helpful, but I still needed their passwords to gain further access. I decided to brute-force SSH credentials for the user “Jan” using Hydra. After some time, Hydra successfully found the password: “armando.” I used these credentials to log in via SSH.
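From the defender's side, a password-guessing run like the one described above leaves a burst of failed logins followed by one success in the SSH daemon's log. The following is an added example, not part of the original post: a minimal detector for that pattern, where the log lines, addresses, hostname and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (not from the original post): a burst of failures
# for one account from one address, ending in a successful password login.
SAMPLE_LOG = """\
Jun 26 10:01:01 target sshd[1201]: Failed password for jan from 10.8.0.5 port 40112 ssh2
Jun 26 10:01:02 target sshd[1202]: Failed password for jan from 10.8.0.5 port 40114 ssh2
Jun 26 10:01:03 target sshd[1203]: Failed password for invalid user admin from 10.8.0.9 port 51000 ssh2
Jun 26 10:01:04 target sshd[1204]: Failed password for jan from 10.8.0.5 port 40116 ssh2
Jun 26 10:01:05 target sshd[1205]: Failed password for jan from 10.8.0.5 port 40118 ssh2
Jun 26 10:01:06 target sshd[1206]: Failed password for jan from 10.8.0.5 port 40120 ssh2
Jun 26 10:01:07 target sshd[1207]: Accepted password for jan from 10.8.0.5 port 40122 ssh2
Jun 26 10:05:00 target sshd[1300]: Accepted password for kay from 10.8.0.7 port 42000 ssh2
"""

# Matches OpenSSH password-auth results, including the "invalid user" variant.
LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_guessed_logins(log_text, threshold=5):
    """Return (source, user, failures) for each password login that succeeded
    after at least `threshold` consecutive failures from the same source
    for the same account. The threshold value is an assumption to tune."""
    failures = defaultdict(int)   # (src, user) -> failures since last success
    alerts = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue              # ignore unrelated log lines
        key = (m["src"], m["user"])
        if m["result"] == "Failed":
            failures[key] += 1
        else:
            if failures[key] >= threshold:
                alerts.append((m["src"], m["user"], failures[key]))
            failures[key] = 0     # a success resets the streak
    return alerts

if __name__ == "__main__":
    for src, user, count in find_guessed_logins(SAMPLE_LOG):
        print(f"ALERT: {user} logged in from {src} after {count} failed passwords")
```

On Debian and Ubuntu systems these lines are written to /var/log/auth.log; a success that follows a failure streak is the event worth alerting on, since failures alone are routine background noise on an exposed SSH port.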

Once logged in as “Jan,” I explored the home directory and other areas of the system. To automate the process of finding potential privilege escalation vectors, I used the LinPEAS script.

Challenges

During my journey through the TryHackMe Basic Penetration Testing room, I encountered several challenges that tested my problem-solving skills and patience. One of the main hurdles was correctly interpreting the scan results from tools like Nmap and Gobuster. Misunderstanding these results could lead to wasted time exploring irrelevant leads. Another challenge was managing the brute-force attack with Hydra. As these tools were new to me, I had to invest a considerable amount of time studying how each one worked and understanding the scan results they produced.

I relied on various online resources, tutorials, and forums to grasp how to effectively use these tools. Although these challenges were frustrating at times, the process of overcoming them significantly enhanced my understanding and proficiency in penetration testing.

Conclusion

The TryHackMe Basic Penetration Testing room was an excellent learning experience. I practiced using essential tools like Nmap, Gobuster, Enum4Linux, Hydra, and LinPEAS. Each step provided valuable insights into the process of discovering and exploiting vulnerabilities in a controlled environment.
