TryHackMe: Vulnversity

theUnknown
6 min readMay 2, 2021

What I’ve learned in this room.

We will start with Task 2, since in the Task 1 you are just required to deploy the machine.

Task 2: Reconnaissance

And we start our reconnaissance with the classics: Nmap (cheat sheet by SANS).

You can also refer to the table presented by TryHackMe:

Although in the beginning of the task THM already tells you which flag to use to scan the target:

Scan this box: nmap -sV <machine’s ip>

Scan the box, how many ports are open?

6

What version of the squid proxy is running on the machine?

3.5.12

How many ports will nmap scan if the flag -p- 400 was used?

400

Using the nmap flag -n what will it not resolve?

DNS

What is the most likely operating system this machine is running?

Ubuntu

What port is the web server running on?

3333
nmap -sV scan results

Task 3: Locating directories using GoBuster

Again in this task THM let’s you know what to do:

run GoBuster with a wordlist: gobuster dir -u http://<ip>:3333 -w <word list location>

Also THM mentioned that If you are using Kali Linux you can find the wordlists under /usr/share/wordlists. And that’s what I did, cd into that directory and found the most suitable wordlist for brute-forcing the directories with GoBuster. You can see my scan results below:

theUnknown

Everything is unknown until it’s known. Self-learner.