Basic Pentesting Room

The Basic Pentesting room on TryHackMe is an introductory platform for beginners in ethical hacking, focusing on common vulnerabilities in a simulated Linux server. It guides users through essential pentesting phases such as enumeration, brute-forcing, and privilege escalation using tools like nmap, gobuster, and hydra. The experience culminates in successfully accessing user accounts and understanding the importance of system security.

Uploaded by

Mati Chala

Basic Pentesting Room

(TryHackMe)

Room Name: Basic Pentesting


Difficulty Level: Easy
Tested by: Avneet Kaur

Introduction
The Basic Pentesting room on TryHackMe is designed for
beginners who are starting their journey into ethical hacking
and penetration testing. The machine mimics a vulnerable
Linux server with common misconfigurations and weak
credentials that often exist in real-world systems. The goal is
to gain access to user accounts, escalate privileges, and
understand the importance of securing every layer of a
system. It provides a safe, beginner-friendly environment to
practice key concepts such as:
• Information gathering (reconnaissance)
• Brute-forcing
• Enumeration (services like SSH, HTTP, and SMB)
• Privilege escalation
Step 1: Enumeration
The goal is to identify all the open ports, running services,
and possible points of entry on the target machine.
Command used: nmap -sS -sV -sC -p- <Target-ip>

Explanation of Flags:
• -sV: Detects service versions.
• -sC: Runs default scripts (useful for quick enumeration).
• -p-: Scans all 65535 ports (not just top 1000).
• --min-rate 5000: sends packets at a minimum rate of 5000
packets per second, which makes the scan faster.

# Ports 80 and 8080 may host websites or admin panels.
# SMB (139/445) could leak usernames and files.
# SSH (22) is a potential entry point if weak credentials are
found.
Step 2: Directory Fuzzing
Now we check the web server for hidden folders and files
using gobuster.
Command used: gobuster dir -u http://<TARGET_IP>/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

gobuster: the tool we are using. It is a fast web content
scanner.
dir: tells gobuster that we are doing directory brute-forcing.
-u: target URL
-w: wordlist

Inside /development, there are two files:
• dev.txt mentioned Apache Struts 2.5.12, SMB, and weak
user passwords
• j.txt warned about a weak password in /etc/shadow
Step 3: SMB Enumeration
We use enum4linux to gather information from SMB services.
Command used: enum4linux -a <TARGET_IP>

enum4linux: a tool used for SMB enumeration
-a: all options; it runs all the available checks (users,
shares, OS info, passwords, etc.)
• Usernames found: jan, kay
• Possible shares: IPC$, Anonymous

Make a file called user.txt:
Command: echo -e "jan\nkay" > user.txt

Step 4: Brute-Forcing SSH Login Using Hydra
We already found two usernames (jan and kay) from SMB
enumeration.
Now we will try to brute-force SSH login using a wordlist to
guess their passwords.
Command used: hydra -L user.txt -P /usr/share/wordlists/rockyou.txt ssh://10.10.146.126
hydra: tool for brute-forcing
-L: file containing the list of usernames
-P: wordlist for finding passwords
ssh://<IP>: protocol and IP of the target machine

Credentials found: username jan, password Armando
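
Added example, not part of the original report: the password guessing in this step leaves a burst of failed logins in the server's sshd log, and the Python function below flags source addresses with many failures and any password login that succeeds after them. The log lines, host name and addresses are constructed, and the threshold of 5 is an assumed value.

```python
import re
from collections import defaultdict

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port \d+")

# Constructed sample sshd log lines (documentation addresses, not from the report).
SAMPLE_LOG = [
    "Jan 10 10:00:01 host sshd[1201]: Failed password for jan from 192.0.2.50 port 40112 ssh2",
    "Jan 10 10:00:01 host sshd[1202]: Failed password for kay from 192.0.2.50 port 40113 ssh2",
    "Jan 10 10:00:02 host sshd[1203]: Failed password for jan from 192.0.2.50 port 40114 ssh2",
    "Jan 10 10:00:02 host sshd[1204]: Failed password for kay from 192.0.2.50 port 40115 ssh2",
    "Jan 10 10:00:03 host sshd[1205]: Failed password for jan from 192.0.2.50 port 40116 ssh2",
    "Jan 10 10:00:03 host sshd[1206]: Failed password for jan from 192.0.2.50 port 40117 ssh2",
    "Jan 10 10:00:04 host sshd[1207]: Accepted password for jan from 192.0.2.50 port 40118 ssh2",
    "Jan 10 10:05:00 host sshd[1300]: Failed password for jan from 198.51.100.7 port 51000 ssh2",
    "Jan 10 10:05:09 host sshd[1301]: Accepted password for jan from 198.51.100.7 port 51002 ssh2",
]

def detect_password_guessing(lines, threshold=5):
    """Report sources with >= threshold failed SSH password logins.

    threshold is an assumed value; tune it to the environment.
    """
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    success_after = defaultdict(list)
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users_tried[src].add(user)
            continue
        m = ACCEPTED.search(line)
        if m and failures[m.group(2)] >= threshold:
            # A success right after a failure burst suggests a guessed password.
            success_after[m.group(2)].append(m.group(1))
    return {
        src: {"failures": n, "users_tried": sorted(users_tried[src]),
              "success_after_failures": success_after[src]}
        for src, n in failures.items() if n >= threshold
    }

if __name__ == "__main__":
    for src, info in detect_password_guessing(SAMPLE_LOG).items():
        print(src, info)
```

The single mistyped password from 198.51.100.7 stays below the threshold and is not reported.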

Step 5: Connect via SSH
Command used: ssh jan@<TARGET_IP>

User kay's home directory contains a .ssh directory, and in
that directory is the id_rsa key for user kay. Save this key
in a text file and set its permissions with chmod 600 id_rsa
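
Added example, not part of the original report: jan could read kay's id_rsa only because the key file was readable by other users, and the Python function below audits home directories for private keys in .ssh that are readable by group or others. The directory layout and key contents it builds for the demonstration are constructed placeholders.

```python
import os
import stat
import tempfile

def find_exposed_private_keys(home_root):
    """Return private-key files under */.ssh/ that group or others can read."""
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(home_root):
        if os.path.basename(dirpath) != ".ssh":
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue  # unreadable to the auditor; skip
            # PEM and OpenSSH private keys both carry this marker in line 1.
            is_private = b"PRIVATE KEY-----" in head
            if is_private and st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                exposed.append(path)
    return sorted(exposed)

def build_sample_homes(root):
    """Constructed layout: kay's key is world-readable, jan's is owner-only."""
    layout = {"kay/.ssh/id_rsa": 0o644,
              "kay/.ssh/id_rsa.pub": 0o644,
              "jan/.ssh/id_rsa": 0o600}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        body = ("ssh-rsa AAAA constructed\n" if rel.endswith(".pub")
                else "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n")
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_homes(root)
        for p in find_exposed_private_keys(root):
            print("readable by group/other:", p)
```

On a real host, pass /home as home_root and run it with enough privilege to read every user's .ssh directory.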
Step 6: Converted Key to Hash with ssh2john

Step 7: Cracked SSH Key Passphrase with John

Step 8: Connect via SSH to Kay
And here is the final password

Conclusion:
The "Basic Pentesting" room on TryHackMe provides a solid
hands-on experience of a real-world penetration testing
workflow. It walks us through all the core phases of
pentesting: enumeration, exploitation, and privilege
escalation.
In this machine, we started by discovering open ports and
services using tools like nmap. SMB enumeration using
enum4linux revealed usernames and accessible shares. We
used smbclient to explore those shares and found potential
clues. Then, we used hydra to brute-force SSH credentials and
successfully logged into the machine.
After gaining access, we performed manual checks to explore
the system further, looked for sensitive files, and achieved
our goal of getting the flags.

End of Report
