Blog - TryHackMe

Overview

The "Blog" machine is a vulnerable system that hosts a WordPress blog. The goal of this penetration test was to identify and exploit weaknesses to retrieve two flags: user.txt and root.txt.


Key Objectives

  1. Identify open ports and services running on the target machine.

  2. Enumerate users and exposed directories.

  3. Exploit vulnerabilities in the WordPress application.

  4. Escalate privileges to root.

  5. Retrieve the user.txt and root.txt flags.


Skills Demonstrated

  • Port scanning and service identification using Nmap.

  • Directory enumeration with DirBuster.

  • WordPress enumeration and brute-forcing login credentials.

  • Exploiting web application vulnerabilities in WordPress.

  • Privilege escalation using SUID binaries.


Relevance

This challenge is highly relevant for a penetration tester because it combines enumeration, exploitation of common web application vulnerabilities, and privilege escalation, all of which are critical skills in a real-world pentesting environment.
