# RootMe

## <mark style="color:purple;">RootMe - TryHackMe</mark>

### <mark style="color:purple;">Overview</mark>

The **RootMe** machine, available on [TryHackMe](https://tryhackme.com/room/rrootme), is a beginner-friendly Capture The Flag (CTF) challenge designed to enhance skills in reconnaissance, exploitation, and privilege escalation within a controlled environment. This machine simulates common real-world scenarios where misconfigurations and inadequate security practices lead to critical vulnerabilities.

***

### <mark style="color:purple;">Key Objectives</mark>

1. **Reconnaissance:** Identify open ports and services to gather essential information about the target system.
2. **Exploitation:** Utilize vulnerabilities in file upload functionalities to gain unauthorized access.
3. **Privilege Escalation:** Leverage misconfigured SUID (Set User ID) binaries to obtain root-level access.

***

### <mark style="color:purple;">Skills Demonstrated</mark>

* Conducting port and service scans using tools like Nmap to map the attack surface.
* Performing directory enumeration with tools such as GoBuster to discover hidden paths.
* Crafting and deploying PHP reverse shells to establish a foothold on the target system.
* Identifying and exploiting files with SUID permissions for privilege escalation.

***

### <mark style="color:purple;">Relevance</mark>

This challenge underscores the importance of implementing secure configurations and conducting regular system audits. The techniques employed highlight common vulnerabilities and demonstrate how attackers can exploit them, providing valuable insights into proactive risk management and threat mitigation.