Introduction

TryHackMe is an excellent platform for learning cybersecurity skills, and today I'm going to walk you through how I solved one of their advanced web challenges. This challenge involved multiple vulnerabilities, including SQL injection and privilege escalation.

Initial Reconnaissance

The first step in any penetration test is reconnaissance. I started by:

  • Running an Nmap scan to identify open ports
  • Checking for web application vulnerabilities
  • Analyzing the source code for potential entry points

nmap -sV -sC target-ip
Starting Nmap scan...

Finding the SQL Injection

After exploring the web application, I noticed a login form that looked vulnerable to SQL injection. I tested it with a simple payload:

username: admin' OR '1'='1
password: anything

And it worked! The application returned a successful login. This confirmed the SQL injection vulnerability.

Pro Tip: Always test for SQL injection in login forms, search boxes, and any input fields that interact with a database.

Privilege Escalation

After gaining initial access, I needed to escalate my privileges. I discovered a misconfigured sudo permission that allowed me to run certain commands as root.

Lessons Learned

  1. Always validate and sanitize user inputs
  2. Use prepared statements to prevent SQL injection
  3. Follow the principle of least privilege
  4. Regular security audits are essential

Conclusion

This challenge was an excellent learning experience. It demonstrated how multiple vulnerabilities can be chained together to compromise a system. Remember, ethical hacking is about learning and improving security, not causing harm.

Challenge Completed! This writeup demonstrates the importance of proper input validation and security configuration.