DEV Community: Emanuele

Learning Linux the Fun Way: TryHackMe Linux Fundamentals Part 1 Walkthrough

Emanuele — Tue, 15 Jul 2025 14:46:20 +0000

Introduction

As part of my journey into cybersecurity and system administration, I recently completed the "Linux Fundamentals Part 1" room on TryHackMe. This room is perfect for beginners who want to get hands-on with Linux basics in a guided, interactive environment.

In this post, I’ll walk through the key concepts, commands, and tasks covered in the room, along with my personal notes and tips.

A bit of Background on Linux
Linux may seem more intimidating than operating systems like Windows, but it's actually incredibly versatile and widely used in everyday life. You might not realize it, but Linux powers many of the systems you interact with regularly, such as websites, car infotainment systems, checkout tills in stores, and even critical infrastructure like traffic light controllers and industrial sensors.

The term "Linux" refers to a family of operating systems based on UNIX. Because Linux is open-source, it has given rise to many different versions, known as distributions or "distros," each tailored for specific use cases. Ubuntu and Debian are two of the most common distributions due to their flexibility. For instance, Ubuntu can be used both as a server operating system for hosting websites and applications, or as a full desktop environment. Impressively, Ubuntu Server can run on systems with as little as 512MB of RAM. Just like Windows has different versions such as 7, 8, and 10, Linux has a wide variety of distributions, each suited to different needs and preferences.

Interacting With Your First Linux Machine (In-Browser)

This TryHackMe room provides access to an Ubuntu Linux machine that you can interact with directly through your browser, making it easy to follow along with the learning material. To begin, you simply need to click the green “Start Machine” button. Once the machine is deployed, a card will appear at the top of the room displaying important details such as the machine’s IP address, an expiry timer, and controls to manage the machine. It’s important to remember to terminate the machine once you’re finished to avoid unnecessary resource usage. For now, just start the machine and you’ll be able to explore and practice Linux commands in a fully interactive environment, right from your browser.

Running Your First few Commands

Ubuntu is known for being lightweight, which makes it appealing, but this often means it lacks a graphical interface unless one is installed. As a result, users interact with the system primarily through the Terminal, a text-based interface that can seem intimidating at first. However, with time and practice, it becomes easier to use. Basic tasks like navigating files, viewing content, and creating files are done using simple commands. Two introductory commands are echo, which displays text, and whoami, which shows the current user. For example, echo Hello prints "Hello", while echo "Hello Friend!" prints the full phrase with spaces. The whoami command reveals the username of the logged-in user.

To get information about current user, we use:

whoami

To print infos in the terminal, we use echo + information, in our case:

echo TryHackMe

Interacting With the Filesystem!

So far, only the echo and whoami commands have been introduced, which are useful but limited. To work effectively in a Linux environment without a graphical interface, it's essential to interact with the filesystem. This includes navigating directories, viewing file contents, and understanding where you are in the system.

The ls command lists files and folders in the current directory, helping you see what’s available. To move between directories, you use cd, and once inside a directory, you can again use ls to view its contents. To read the contents of a file, the cat command is used, which outputs the file’s data directly in the terminal. Finally, pwd shows the full path of your current location in the filesystem, which is helpful for orientation and navigation.

Let's navigate inside this machine to find our answers:

Searching for Files
Although Linux may seem complex at first, one of its greatest strengths is how efficient it becomes with familiarity. As you get used to it, commands like echo, whoami, ls, cd, cat, and pwd become second nature. To further boost efficiency, Linux offers powerful tools like find and grep.

The find command allows you to search for files across directories without manually navigating through each one. For example, find -name passwords.txt searches for a file with that exact name, while find -name *.txt finds all .txt files using a wildcard.

On the other hand, grep lets you search inside files for specific content. It's especially useful for large files like logs. For instance, grep "81.143.211.90" access.log filters and displays only the lines containing that IP address, saving time and effort compared to reading the entire file.

Together, find and grep showcase how Linux can streamline tasks and make system interaction much more efficient.

grep "THM" access.log

An Introduction to Shell Operators
Linux operators enhance command-line efficiency by allowing more control over how commands are executed and how their outputs are handled. The & operator runs commands in the background, which is useful for long tasks like copying large files without blocking the terminal. The && operator chains commands together, ensuring the second command runs only if the first succeeds.

The > operator redirects output to a file, replacing its contents if the file already exists. For example, echo hey > welcome creates or overwrites the file "welcome" with the word "hey". In contrast, the >> operator appends output to the end of a file without overwriting existing content. So, echo hello >> welcome adds "hello" below "hey" in the same file.

These operators are key tools for streamlining tasks and managing output effectively in Linux.

Conclusions
Great job reaching this point! We've just completed a solid introduction to Linux, covering the most essential tools and concepts you'll use regularly. Here's a quick recap of what we've learned:

Why Linux is so widely used: Its efficiency, flexibility, and power make it a favorite in tech environments.
Basic interaction: We’ve run your first commands and started navigating a Linux machine.
Filesystem navigation: Commands like ls, cd, cat, and pwd help you explore and manage files.
Efficient searching: Tools like find and grep let you locate files and search their contents quickly.
Shell operators: We learned how to run commands in the background (&), chain them (&&), and redirect output (> and >>).

We're building a strong foundation, and with a bit of practice, these commands will become second nature. When you're ready, moving on to Linux Fundamentals Part 2 will deepen your skills even further.

TryHackMe's Intro to LAN - A Beginner Friendly Walkthrough

Emanuele — Wed, 02 Jul 2025 15:09:11 +0000

The "Intro to LAN" room on TryHackMe is a Premium walkthrough that introduces users to the technologies and designs behind Local Area Networks (LANs). While the full content is behind a paywall and cannot be directly reproduced, I can guide you through the general structure and concepts typically covered in this room, based on standard networking knowledge and what TryHackMe usually includes in such modules.

🧩 Task 1: Introduction
LAN topologies refer to the layout or design of a network, and each type has its own strengths and weaknesses. The star topology is the most common today, where each device connects to a central hub or switch. It's reliable and scalable but more expensive due to the extra cabling and hardware. If the central device fails, the whole network is affected. The bus topology uses a single backbone cable to connect all devices, making it cheap and easy to set up. However, it's prone to bottlenecks and has a single point of failure, making troubleshooting difficult. The ring topology connects devices in a loop, requiring less cabling and hardware. It’s easier to troubleshoot but inefficient for data travel and vulnerable to total failure if any part of the loop breaks.

Switches are central devices that connect multiple devices efficiently by sending data only to the intended recipient, unlike hubs that broadcast to all. They are essential in larger networks. Routers, on the other hand, connect different networks and direct data between them using routing. Connecting switches and routers can improve network reliability by providing alternate data paths, even if it slightly reduces performance.

Now we need to complete the puzzle in the View Site section in order to score the flag. It is a very self-teached way to achieve the flag while trying to compromise all topologies

🧩 Task 2: A Primer on Subnetting
Subnetting is the process of dividing a larger network into smaller, more manageable segments called subnets. This is similar to slicing a cake so each department or group—like Accounting, Finance, or HR—gets its own portion. It helps networks efficiently route data to the correct destination, just as you'd send a document to the right department in an office.

Each subnet uses IP addresses in three key ways: to identify the network itself, to identify individual devices (hosts), and to designate a default gateway that connects to other networks. For example, in the IP range 192.168.1.0, the network address might be 192.168.1.0, a host could be 192.168.1.100, and the default gateway might be 192.168.1.254.

While home networks typically use a single subnet due to fewer devices, businesses often require multiple subnets to handle a larger number of connected devices. Subnetting enhances efficiency, security, and control. For instance, a café might use subnetting to separate its internal systems (like cash registers) from the public Wi-Fi, ensuring both security and connectivity.

🧩 Task 3: ARP
ARP (Address Resolution Protocol) is a network protocol that helps devices associate IP addresses with MAC addresses, allowing them to identify and communicate with each other on a local network. Each device maintains an ARP cache—a kind of internal ledger—that stores these associations.

When a device wants to communicate with another, it sends an ARP request to the entire network asking, “Who has this IP address?” The device with that IP responds with its MAC address in an ARP reply. This information is then stored in the sender’s ARP cache for future use, streamlining communication and reducing the need for repeated broadcasts.

🧩 Task 4: DHCP
IP addresses can be assigned to devices either manually or automatically. The most common method is automatic assignment using DHCP (Dynamic Host Configuration Protocol). When a device connects to a network and doesn't already have an IP address, it sends out a DHCP Discover message to locate a DHCP server. The server responds with a DHCP Offer, suggesting an available IP address. The device then replies with a DHCP Request, indicating it wants to use that address. Finally, the server confirms with a DHCP Acknowledgment (ACK), allowing the device to begin using the assigned IP. This process ensures efficient and dynamic IP management across networks.

🧾 Conclusion
The "Intro to LAN" room provides a foundational understanding of how local networks operate, which is essential for anyone pursuing cybersecurity, networking, or IT. By completing this room, you’ve gained:

A solid grasp of network topologies and how devices are structured in a LAN.
Knowledge of IP addressing and subnetting, crucial for managing and segmenting networks.
Insight into DHCP and DNS, which automate and simplify network communication.
An understanding of MAC addresses and ARP, which enable devices to find each other on a LAN.

This room sets the stage for more advanced topics like network scanning, penetration testing, and packet analysis. Mastering these basics ensures you're well-prepared for future challenges in both offensive and defensive cybersecurity roles.

TryHackMe: Security Engineer Intro – A Beginner's Walkthrough & Lessons Learned

Emanuele — Wed, 02 Jul 2025 14:28:38 +0000

Introduction
The "Security Engineer Intro" room on TryHackMe is the first step in the Security Engineer learning path, designed to introduce learners to the responsibilities, tools, and mindset of a security engineer. Whether you're transitioning from another IT role or just starting out, this room offers a solid foundation.

Room Objectives

Understand the role of a security engineer.
Learn about digital asset management.
Explore security operations and incident response.
Get introduced to SIEM tools and log analysis.
Understand the importance of documentation and compliance.

🔹 Task 1: Introduction
This task sets the stage by explaining the importance of security engineers in protecting an organization's digital infrastructure. It emphasizes the proactive nature of the role—preventing breaches before they happen.

Key Insight:
Security engineers are not just defenders; they are builders of secure systems.

🔹 Task 2: What is a Security Engineer
As organizations increasingly rely on digital technologies, they face growing threats like data breaches, ransomware, and cyberattacks. Abandoning technology isn't a viable option, so securing digital assets becomes essential—just like protecting physical ones. The goal is to ensure business continuity and protect critical operations from disruption.

Security engineers are hired to:

Own and manage the organization's cybersecurity posture.
Minimize risks from cyber threats through strategic planning.
Design and implement secure systems and networks.
Conduct regular tests to identify and fix vulnerabilities.
Collaborate with other teams to enforce security protocols.
They act as both builders and defenders, ensuring systems are secure by design and resilient in practice.

🔹 Task 3: Core Responsibilities of a Security Engineer
Security starts with knowing what you have. A security engineer must:

Maintain an up-to-date inventory of digital assets.
Track details like asset type, IP address, location, network placement, running applications, access permissions, and ownership.
Ensure this inventory is regularly reviewed and updated.

Security engineers help develop and enforce policies based on established principles. They:

Create and implement organization-wide security policies.
Handle policy exceptions by evaluating business needs and suggesting risk mitigations.
Ensure compliance with both internal and external standards.

Security engineers adopt a “secure by design” philosophy, which includes:

Designing secure network architectures.
Hardening systems like Windows, Linux, and Active Directory.
Ensuring software development follows the Secure Software Development Lifecycle (SSDLC).

Security is an ongoing process. Engineers must:

Plan and coordinate regular assessments, audits, and red/purple team exercises.
Work with external vendors by preparing RFQs (Request for Quotations).
Prioritize and implement findings to continuously improve the security posture.

🔹 Task 4: Continuous Improvement

An organization's security is an ongoing process, not a one-time task, and the role of a security engineer reflects this continuous journey of improvement. Their responsibilities go beyond just setting up policies—they must foster a culture of security awareness, especially to guard against human errors like social engineering. They also play a key role in risk management, helping leadership understand and mitigate potential threats, even when some risks must be accepted due to operational constraints. As organizations evolve, security engineers oversee change management to ensure new systems or updates don't introduce vulnerabilities. They also manage vulnerabilities by monitoring and patching systems based on threat severity. Lastly, they ensure compliance with relevant regulations and standards, working with auditors to maintain certifications and address any gaps.

🔹 Task 5: Additional Roles and Responsibilities
The role of a security engineer is often broad and flexible, sometimes requiring them to support other teams beyond their core responsibilities. They may manage and fine-tune security tools like SIEMs, firewalls, and endpoint detection systems, and even advise on tool procurement based on organizational needs. They might also lead or participate in tabletop exercises, which simulate security incidents to test the organization's readiness and clarify team roles. Additionally, security engineers can be involved in disaster recovery and crisis management planning, helping ensure business continuity during emergencies, with their specific duties varying by organization.

🔹 Task 6: Walking in Their Shoes
While performing their duties, security engineers must consider various aspects of running a business apart from keeping it secure. These considerations may include business operations, cost, ease of implementation, ease of use, and more. Although the most secure system is the one that is shut off and disconnected from power, such a system doesn't achieve any business objectives. Hence, a security engineer must consider business objectives and security when making decisions.
Let's Launch the site to solve the little puzzle:

Those images are from the VAPT Report puzzle

We've got the flag!

✍️ Final Thoughts
The Security Engineer Intro room is a fantastic starting point for anyone curious about blue team roles. It’s not just about tools and alerts—it’s about building a secure culture within an organization.

Mastering the Art of Online Investigation: TryHackMe's "Search Skills" Walkthrough

Emanuele — Mon, 23 Jun 2025 16:11:08 +0000

In the world of cybersecurity, knowing how to search effectively is just as important as knowing how to code or exploit vulnerabilities. The "Search Skills" room on TryHackMe is a foundational module that teaches you how to navigate the vast ocean of online information using smart search techniques, specialized tools, and critical thinking.

This post walks you through each task in the room, explaining the concepts and how to find the answers.

Task 1: Introduction
This task sets the stage by emphasizing the importance of search skills. You're asked to search for "learn hacking" on Google and observe the number of results.

No answer required here, but it's a reminder of how overwhelming search results can be without proper filtering.

Task 2: Evaluation of Search Results
Q2.1: What do you call a cryptographic method or product considered bogus or fraudulent?
Answer: Snake Oil

In cybersecurity, "snake oil" refers to products that claim to offer security but are fundamentally flawed or deceptive.

Q2.2: What is the name of the command replacing netstat in Linux systems?
Answer: ss

ss (Socket Statistics) is faster and more informative than netstat.

Task 3: Search Engines
Q3.1: How would you limit your Google search to PDF files containing the terms cyber warfare report?
Answer: filetype:pdf cyber warfare report

Use filetype: to filter by document type.

Q3.2: What phrase does the Linux command ss stand for?
Answer: Socket Statistics

Task 4: Specialized Search Engines
Q4.1: What is the top country with lighttpd servers?
Answer: United States

Use Shodan to search for lighttpd and filter by country.

Q4.2: What does BitDefenderFalx detect the file with the given hash as?
Answer: Android.Riskware.Agent.LHH

Use VirusTotal to analyze the hash.

Task 5: Vulnerabilities and Exploits
Q5.1: What utility does CVE-2024-3094 refer to?
Answer: xz

Search the CVE ID on cve.mitre.org or NVD.

Task 6: Technical Documentation
Q6.1: What does the Linux command cat do?
Answer: Concatenate and display file content

Use man cat in a Linux terminal or search online for the manual page.

Q6.2: What parameter in Windows netstat shows the executable involved?
Answer: -b

Use netstat -b in Command Prompt (admin mode).

Task 7: Social Media
Q7.1: What platform is useful for learning about a company’s technical staff?
Answer: LinkedIn

OSINT investigators often use LinkedIn to gather professional info.

Q7.2: What platform might help find answers to secret questions?
Answer: Facebook

People often share personal details that can be used in social engineering.

Task 8: Conclusion
This task wraps up the room and encourages you to apply these skills in real-world scenarios. The ability to search smartly is a superpower in cybersecurity.

🧠 Final Thoughts
The "Search Skills" room is a must-do for anyone starting in cybersecurity. It teaches you how to:

Evaluate sources critically
Use advanced search operators
Leverage specialized tools like Shodan and VirusTotal
Navigate technical documentation
Perform OSINT using social media

Lessons Learned: Getting Started with Blue Teaming via TryHackMe's "Defensive Security Intro"

Emanuele — Fri, 20 Jun 2025 14:41:16 +0000

As I continue my journey into cybersecurity, I recently explored the Defensive Security Intro room on TryHackMe. While offensive security often gets the spotlight, this room reminded me of the critical importance of defensive strategies—the unsung heroes of cyber resilience.

Here’s a walkthrough of the room and the key lessons I learned.

🧭 Room Overview
The Defensive Security Intro room is a beginner-friendly, theory-based module that introduces the core concepts of blue teaming—the practice of defending systems from cyber threats. It’s perfect for anyone curious about how organizations detect, respond to, and recover from attacks.

🔐 Walkthrough & Key Concepts
🧱 Task 1: What is Defensive Security?
This task lays the foundation by explaining the CIA Triad—Confidentiality, Integrity, and Availability. These three principles guide all defensive strategies.

🧠 Lesson:
Defensive security is proactive and reactive.
It’s not just about firewalls—it's about monitoring, detection, and response.

🧰 Task 2: Tools of the Trade
This section introduces essential tools used by blue teams:

SIEM (Security Information and Event Management): Tools like Splunk and ELK stack help collect and analyze logs.
EDR (Endpoint Detection and Response): Tools like CrowdStrike and SentinelOne monitor endpoints for suspicious behavior.
Firewalls & IDS/IPS: Network-level defenses that filter traffic and detect intrusions.

🧠 Lesson:
Logs are gold. Understanding how to read and correlate logs is a vital skill.
Automation is key—manual monitoring doesn’t scale.

🧪 Task 3: Incident Response Lifecycle
This task walks through the six phases of incident response:

Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned

🧠 Lesson:
Incident response is a team sport—communication and documentation are just as important as technical skills.
The “Lessons Learned” phase is often overlooked but critical for improving defenses.

🧠 Practical Example: SIEM Simulator
We have a practical SIEM dashboard with logs from account access, our task is to spot the unauthorized access ip and proceed to block it in order to get the room flag. All the process is fully guided, well explained and quite similar to what really happen in Splunk.

📚 Key Takeaways
Defense is Deep: It’s not just about stopping attacks—it’s about understanding them, detecting them early, and responding effectively.
Tools are Powerful, but Context is King: Knowing how to interpret alerts and logs is more important than just knowing how to use a tool.
Incident Response is a Lifecycle: It’s not a one-time event. Continuous improvement is essential.
Threat Intelligence is a Force Multiplier: It turns raw data into actionable insights.

🚀 Final Thoughts
The Defensive Security Intro room is a fantastic starting point for anyone interested in blue teaming. It’s less hands-on than offensive rooms, but it lays the groundwork for understanding how real-world organizations defend against cyber threats.

Lessons Learned: My First Ethical Hack with TryHackMe's "Offensive Security Intro"

Emanuele — Fri, 20 Jun 2025 14:24:17 +0000

As someone diving into the world of cybersecurity, I recently completed the Offensive Security Intro room on TryHackMe—and it was a game-changer. This room is designed for absolute beginners and offers a hands-on introduction to ethical hacking in a safe, legal environment. Here's a walkthrough of my experience and the key lessons I took away.

🧭 Room Overview
The Offensive Security Intro room is a 15-minute beginner-friendly lab that simulates a real-world hacking scenario. The goal? Hack into a fake banking website called FakeBank using basic tools and techniques that ethical hackers use daily.

🛠️ Walkthrough & Key Concepts
🔍 Task 1: What is Offensive Security?
The room kicks off with a simple but powerful idea:

“To outsmart a hacker, you need to think like one.”

Offensive Security is all about simulating attacks to find vulnerabilities before malicious actors do. This task introduces the concept of penetration testing and sets the stage for the hands-on part.

💻 Task 2: Hacking Your First Machine
Here’s where the fun begins. TryHackMe spins up a virtual machine running the FakeBank website. The goal is to find hidden pages using a tool called Gobuster.

🧪 Step-by-Step:
Start the Machine: Launch the VM and open the terminal.
Run Gobuster:

gobuster -u http://fakebank.thm -w wordlist.txt dir

This brute-forces the website to find hidden directories.

Find the Admin Page: One of the discovered paths is /admin, which leads to a login portal.

🔐 Task 3: Force a bank transfer
Once inside the /admin staff page, the next step is to force a bank transfer from another account to our 8881 account. After the confirmation we need to come back to our dashboard to discover the room flag.

🧠 Lesson:
This simulates the real-world impact of a successful attack.
It reinforces the importance of securing backend admin portals.

📚 Key Takeaways
Hands-On Learning is Powerful: Reading about hacking is one thing—doing it is another. This room made abstract concepts tangible.
Tools Matter: Gobuster is a simple yet powerful tool for directory brute-forcing.
Think Like an Attacker: Understanding how attackers operate helps you build better defenses.
Security is Layered: From weak credentials to exposed admin panels, every layer matters.

🚀 Final Thoughts
If you're new to cybersecurity, I highly recommend starting with this TryHackMe room. It’s short, practical, and gives you a real taste of what ethical hacking is all about.

Exploring Cybersecurity Roles: A Walkthrough of TryHackMe's "Careers in Cyber" Room

Emanuele — Wed, 18 Jun 2025 14:19:22 +0000

As someone diving deeper into the world of cybersecurity, I recently completed the Careers in Cyber room on TryHackMe. This room isn’t a traditional CTF or hands-on hacking challenge—instead, it’s a career exploration module designed to help you understand the various roles in the cybersecurity industry.

Here’s a breakdown of what I learned, my personal takeaways, and why I think every aspiring cyber professional should go through this room.

🧭 Room Overview
The Careers in Cyber room is structured into several tasks, each focusing on a specific cybersecurity role. It’s beginner-friendly and takes about 30–45 minutes to complete. You don’t need any technical setup—just a browser and curiosity.

🧠 Key Roles Covered
1. Security Analyst

What they do: Monitor networks, analyze threats, and respond to incidents.
Skills needed: SIEM tools, log analysis, basic scripting, communication.
Learning path: TryHackMe’s Pre-Security and SOC Level 1 paths are great starting points.
💡 Personal Insight: This role feels like the “first responder” of cyber. It’s ideal for those who enjoy puzzles and real-time problem-solving.

2. Security Engineer

What they do: Build and maintain secure systems, implement firewalls, and harden infrastructure.
Skills needed: Networking, system administration, scripting, cloud security.
Learning path: Cyber Defense and Red Teaming paths on TryHackMe.
💡 Personal Insight: This role appeals to builders—those who want to proactively design secure environments rather than just react to threats.

3. Incident Responder

What they do: Investigate breaches, contain threats, and perform forensics.
Skills needed: Digital forensics, malware analysis, threat intelligence.
Learning path: SOC Level 1 and Threat Hunting modules.
💡 Personal Insight: This is the cyber equivalent of a detective. If you love digging into logs and uncovering what went wrong, this might be your path.

4. Penetration Tester

What they do: Simulate attacks to find vulnerabilities before real attackers do.
Skills needed: Kali Linux, Metasploit, Burp Suite, scripting, report writing.
Learning path: Offensive Pentesting and Complete Beginner paths.
💡 Personal Insight: This is the most “Hollywood” role—fun, technical, and high-impact. But it also requires strong ethics and communication skills.

5. Governance, Risk, and Compliance (GRC)

What they do: Ensure organizations meet security standards and regulations.
Skills needed: Policy writing, risk assessment, frameworks like ISO 27001, NIST.
Learning path: While not deeply technical, understanding security fundamentals is key.
💡 Personal Insight: GRC is often overlooked but is critical for aligning security with business goals. It’s perfect for those with a strategic mindset.

🧭 Lessons Learned
Cybersecurity is broad: There’s a role for every personality type—whether you’re technical, analytical, or strategic.
Soft skills matter: Communication, documentation, and collaboration are just as important as technical prowess.
Start with curiosity: You don’t need to know everything. Pick a path that excites you and build from there.

🧰 My Next Steps
After completing this room, I’ve decided to focus more on the Security Analyst path. I’m currently working through TryHackMe’s PT1 and SOC Level 1 learning path and brushing up on my log analysis and scripting skills.

🎯 Final Thoughts
The Careers in Cyber room is a fantastic starting point for anyone unsure about where they fit in the cybersecurity landscape. It’s informative, well-structured, and gives you a clear roadmap for your next steps.

If you’re just starting out or even considering a career switch, I highly recommend giving this room a try. It might just help you find your place in the cyber world.

Solving TryHackMe's "Lo-Fi" Room - A Complete Walkthrough

Emanuele — Wed, 18 Jun 2025 14:02:27 +0000

🧭 Introduction
In this post, I’ll walk you through my experience solving the Lo-Fi game on TryHackMe. This room is part of the Challenge section, which is perfect for beginners looking to understand how LFI Path Traversal works and how attackers can exploit web application weaknesses thru file inclusion.

🧩 Room Breakdown
Let's start our journey by visiting the IP shown in the challenge section. We will discover a sort of a blog application running on this ip. We are tasked to pay attention to the URL bar and how the URL string change while visiting the links provided next to the video.

Let's visit the first link called Relax and wait until the URL gets modified

The URL parameter suggests us that the site is using PHP file inclusion. This can be vulnerable and can lead to Local File Inclusion (LFI) if the input is not properly sanitized. We can get access to:

/etc/passwd: Contains user account info (usernames, UID, home directory, shell). Passwords used to be stored here but now are in:
/etc/shadow: Contains hashed passwords, readable only by root.

Let's craft a valid url to land to the passwd file.

http://10.10.136.146/page?=../etc/passwd

HELP TIPS: It may require from two to five times the pattern "/../" before the /etc/passwd in order to match the exact location.

Great, we score the first file, now same path, but let's look for the shadow file. I'll expect that we'll get a blank result, it will tell that we're not the root on this system.

No Admin here, ok, we cannot access this system. Let's dig for the flag, assuming that the file will be named flag.txt.

http://10.10.136.146/page?=../../../flag.txt

Good, we've managed to get the flag at first try!

📌 Final Thoughts
The Lo-Fi room is a great exercise in chaining basic enumeration with web exploitation and privilege escalation. Perfect for sharpening your CTF skills.

Solving TryHackMe's "Net Sec Challenge" Room - A Complete Walkthrough

Emanuele — Wed, 18 Jun 2025 12:47:26 +0000

🧭 Introduction
In this post, I’ll walk you through my experience solving the Network Security room on TryHackMe. This room is part of the Network Security module, which is perfect for beginners looking to understand how computers communicate and how attackers can exploit network weaknesses.

🧰 Tools Used
Nmap – for scanning and enumeration
Hydra – for cracking ftp credentials

🧩 Room Breakdown
We will prepare our one line nmap command that will answer to all of our initial questions, i'll share what i've found out that is an easy win here:

nmap -sC -sV -p- -T4 <MACHINE_IP> -vv

Now let's answer to this group of questions, like i did in the following:

We've also got the FTP server version, which is the vsftpd 3.0.5, forgot to include the screenshot :/

For the upcoming task we have to use Hydra since we didn't got any password to SSH into those user account, we have to give Hydra rockyou.txt wordlist in order to crack a password. I'll move the two usernames into a file called users.txt

A little check before building the Hydra command:

Ok so now we need to build our Hydra command for cracking two passwords while running, this probably is not the best practice out there but worked fine for me:

hydra -t 8 -L users.txt -P /usr/share/wordlists/rockyou.txt ftp:10.10.101.15:10021

Let it run and let's wait patiently until gives us some results!

Clear up the terminal, we're going to connect now to the ftp location using our first found credentials eddie - jordan. Using the code snippet here, you are task to locate a txt file with the flag, ls -la will help us since we cannot use any command like locate or find in a ftp connection.

ftp <MACHINE_IP> 10021

No luck with eddie, we will try again with quinn - andrea

From this point we can input get ftp_flag.txt and save the flag file into our AttackBox. Let's cat this file and our flag is shown:

Last but not least the ip to visit with a little challenge to score. First let's have a look.

It looks like we have to go undercover to trick the web application to give us a flag. We're try to solve this with Nmap null scan.

nmap -sN 10.10.101.15

We've managed to solve the entire room, get this last flag to answer the last question!

📌 Final Thoughts
The Network Security room is a fantastic starting point for anyone diving into cybersecurity. It’s hands-on, practical, and builds a solid foundation for more advanced topics.

If you’re just starting out, I highly recommend giving this room a try. Feel free to drop your questions or share your own experiences in the comments!

Solving TryHackMe's "Vulnerability Capstone" Room - A Complete Walkthrough

Emanuele — Fri, 13 Jun 2025 16:21:01 +0000

Introduction
In this post, I’ll walk you through my experience solving the Vulnerability Capstone room on TryHackMe. This room is the final challenge in the Vulnerability Research module and is designed to test your ability to identify, research, and exploit real-world vulnerabilities.

Step 1: Initial Reconnaissance
Before diving into exploitation, we need to gather information about the target system. Start the Machine first and then your AttackBox. We'll be using a tool called nmap. After everything is correctly loaded, let's jump into the Kali terminal and let's start scanning the target machine that has ip 10.10.56.68, i used the following code:

nmap -sV -sC -T4 10.10.56.68 -vv

When scrolling the terminal down a bit we've found out the juicy informations we were looking for at first try.

Now we can answer the first group of questions that we have.

For the other part of this task i'll switch to a tool called GOOGLE, it's free, you can actually invoke it in your web browser ;) and look if Fuel CMS has some CVE exposed.

This is our next answer in the list, now let's focus on our final task which is the flag capturing.

QUICK TIPS! You are in your browser, why don't you visit the 10.10.56.68?!

That's right, but one more thing to say, on nmap we noticed a txt file hiding, visiting the path in the browser will reveal another web location to look.

Let's visit the path fuel then.

A login form, interesting, I've investigated the source code but no details we're found about a potential username. We have to exploit manually via the CVE we've discovered previously. After doing some searches, we have to copy and paste this exploit here into a file that we want to create: https://gist.github.com/anir0y/8529960c18e212948b0e40ed1fb18d6d#file-fuel-cms-py

Let's nano that into a file with python extension

nano exploit.py

Save and let it run via python3 command:

python3 exploit.py 10.10.56.68

Ok, we need to set up, in another terminal window, a NetCat session ready to get the reverse shell from the Fuel CMS, like so.

Back to the exploit window terminal, let's input shell_me and let's give ATTACKBOX_IP:4444 as attacker ip+port to listen.

After receiving the reverse shell to the application, it's an easy win to score the flag, since the path is in the question! THM{ACKME_BLOG_HACKED} is our final answer and that's all folks!

💡 Final Thoughts:
The "Vulnerability Capstone" room was more than just a challenge—it was a mini red-team engagement that tested my technical skills and problem-solving mindset. If you're looking to solidify your pentesting fundamentals, this room is a must-try.

TryHackMe: Race Conditions – A Deep Dive into a Subtle Yet Powerful Exploit

Emanuele — Tue, 10 Jun 2025 17:49:56 +0000

Introduction
Race conditions are one of those vulnerabilities that are often overlooked but can have devastating consequences when exploited correctly. In this TryHackMe room, we explore how attackers can manipulate the timing of operations to gain unauthorized access or perform unintended actions.

This guide walks you through the room step-by-step, explains the underlying concepts, and shares some personal thoughts on why this vulnerability is both fascinating and dangerous.

What is a Race Condition?
A race condition occurs when a system's behavior depends on the sequence or timing of uncontrollable events. In web applications, this often means two or more processes accessing shared resources (like a database or file) simultaneously, leading to unexpected behavior.

Real-World Analogy
Imagine two people trying to withdraw money from the same bank account at the exact same time. If the system doesn't lock the account during the transaction, both might end up withdrawing more than the available balance. That’s a race condition.

🛠️ Room Walkthrough

Multi-Threading Section
Here are the vital concepts that we have to understand:

A program is a set of instructions to achieve a specific task. You need to execute the program to accomplish what you want. Unless you execute it, it won’t do anything and remains a set of static instructions.
A process is a program in execution. In some literature, you might come across the term job. Both terms refer to the same thing, although the term process has superseded the term job. Unlike a program, which is static, a process is a dynamic entity. It holds several key aspects, in particular:
Program: The executable code related to the process
Memory: Temporary data storage
State: A process usually hops between different states. After it is in the New state, i.e., just created, it moves to the Ready state, i.e., ready to run once given CPU time. Once the CPU allocates time for it, it goes to the Running state. Furthermore, it can be in the Waiting state pending I/O or event completion. Once it exits, it moves to the Terminated state.
A thread is a lightweight unit of execution. It shares various memory parts and instructions with the process.
In many cases, we need to replicate the same process repeatedly. Think of a web server serving thousands of users the same page (or a personalized page). We can adopt one of two main approaches:
Serial: One process is running; it serves one user after the other sequentially. New users are enqueued.
Parallel: One process is running; it creates a thread to serve every new user. New users are only enqueued after the maximum number of running threads is reached.

Now let's answer the two wrap-up questions of this section:

Race Conditions Section
Generally speaking, a common cause of race conditions lies in shared resources. For example, when multiple threads concurrently access and modify the same shared data. Examples of shared data are a database record and an in-memory data structure. There are many subtle causes, but we will mention three common ones:

Parallel Execution: Web servers may execute multiple requests in parallel to handle concurrent user interactions. If these requests access and modify shared resources or application states without proper synchronization, it can lead to race conditions and unexpected behaviour.
Database Operations: Concurrent database operations, such as read-modify-write sequences, can introduce race conditions. For example, two users attempting to update the same record simultaneously may result in inconsistent data or conflicts. The solution lies in enforcing proper locking mechanisms and transaction isolation.
Third-Party Libraries and Services: Nowadays, web applications often integrate with third-party libraries, APIs, and other services. If these external components are not designed to handle concurrent access properly, race conditions may occur when multiple requests or operations interact with them simultaneously.

So, for the next two questions we need to focus on the first image and the last one. You'll get the two answers without problems.

Web Application Architecture Section

Client-Server Model: The Foundation
Web applications operate on a client-server model:

Client: This is typically your web browser or mobile app. It sends requests to the server—for example, when you click a button or submit a form.
Server: This is where the application lives. It receives the client’s request, processes it, and sends back a response—like an HTML page or a confirmation message.

These interactions happen over a network, and while they may seem instantaneous, there’s always a small delay—this delay is where race conditions can sneak in.

The Three-Tier Architecture
Most modern web apps follow a three-tier architecture:

Presentation Tier: The front-end—HTML, CSS, and JavaScript rendered in your browser.
Application Tier: The back-end logic—written in languages like Node.js, Python, or PHP—that processes requests and applies business rules.
Data Tier: The database—MySQL, PostgreSQL, etc.—that stores and retrieves data.

Each tier plays a role in how data flows and how decisions are made, which is crucial when we talk about timing and state transitions.

Exploiting Race Conditions: Machine 1 - Money Transfers
When you transfer money, the app typically:

Checks if your account has enough funds.
If yes, it proceeds with the transfer.
If not, it shows an error.
This seems like a simple two-state system: Transfer Not Sent → Transfer Sent.

But in reality, there’s a hidden third state: Checking Balance. This is a brief moment when the app is verifying your funds but hasn’t yet committed to the transfer. If an attacker sends multiple requests during this window, they might bypass the balance check and transfer more than allowed.

After starting the Machine and the AttackBox, let's jump into Firefox browser and input the MACHINE_IP:PORT that is given in the section. Mine is http://10.10.212.218:8080. We need to open two different window tabs here and log in following this logic: Tab1 -> Account1, Tab2 -> Account2

This is the first line that is shown

This is the second telephone line shown

Now we need to fire up our BurpSuite and let the tool intercept via FoxyProxy the session that we are working with. We need the plugin installed and configured on our browser to achieve this task.

Starting with the first account which is 07799991337, head over the Pay and Recharge button and press it. We will be landed on the section showed in the next image.

From this point on, we need to complete the form with the other line number and input an import like 5$ to transfer. Here's the example before the submission, DON'T hit Transfer! We have to set up our proxy interception first.

Let's go to the plug-in section of our browser and set FoxyProxy from Disable to Burp proxy. Head over Burpsuite and check that the intercept is ON in the proxy section. After all those checks it's time to hit the Transfer button.

It caught the POST request with juicy information. Now we have a clear look on what field is passed and how. Click the right button and then Send to the Repeater. Since we're performing a race condition we have to do a little bit of hacking behind what we've learnt so far.

In the Repeater section with our tab 1 opened, we need to send in parallel 20 of those requests in order to score the flag and the amount of 100 dollars on the second telephone line balance. In order to achieve this hit the + near Tab 1 and select Create Tab Group, input a name as you prefer and add the Tab 1 to the group. Then hit Create.

We've created our tab group, now we to click the Arrow near the Tab Group name "Group 1", so we will check that Tab 1 is inside. Now right click on Tab 1 and Duplicate Tab. Select 20 times and then you'll make sure that our tab group now contains 21 Tabs. Before hit Send button we need to check that we've enabled the parallel sending request, otherwise with other options like single connections, separate connections, etc.. IT WON'T WORK!!

In case i've forgot to mention, arrow down under Send button and you'll see this menu here...

With FoxyProxy still on and the intercept on in Burpsuite we can hit t Send in Parallel. After we receive a response with transaction-successfullcode we can go ahead and take the intercept off in Burpsuite. Now let's go to the freezed browser page and let's refresh it. It will appear something like this unusual error.

This is something we want to achieve in order to score the flag from the other account, now try to log in with 071 phone line and check the balance.

Perfect everything worked fine, THM{PHONE-RACE} is our flag. You can reverse the entire procedure for the balance going from the second to the first phone line but it's not mandatory to complete this task.

WARNING! Don't get frustrated if you failed the first time, this actually had taken me various days in order to get the flag, various restarting of the Machine and AttackBox. Keep on trying.

Detecting and Mitigating Race Conditions
From a business owner's point of view, spotting race conditions can be tricky. For example, if a few users manage to redeem the same gift card more than once, it might go unnoticed unless someone is actively monitoring the logs for unusual activity. Since race conditions can also be used to exploit more subtle system flaws, it's important to involve penetration testers and bug bounty hunters to help uncover and report these issues.

Here are some common ways to prevent race conditions:

Synchronization Mechanisms: Programming languages offer tools like locks to ensure only one thread can access a shared resource at a time.
Atomic Operations: These are operations that run completely without interruption, ensuring that no other thread can interfere while they’re being executed.
Database Transactions: Transactions group multiple database actions into a single unit. Either all actions succeed together, or none do—this helps maintain data consistency and prevents conflicts from simultaneous access.

Now we can look for the last challenge in this room, which is...

Exploiting Race Conditions: Machine 2 - Bank Transfers

The key takeaway is this: race conditions exploit the time gap between state transitions.

If a malicious user can send multiple requests during that tiny window—often just milliseconds—they might trick the system into applying a coupon multiple times or transferring more money than allowed.

Step-by-Step Exploit
Quit the first machine and start this last one. After few minutes will be displayed MACHINE_IP:PORT, that in my case is 10.10.204.217:5000. Let's copy and paste this into our Firefox url bar. We will be landing in a log in page. Here we can log in with the first account credentials showed as Rasser Cond.

We noticed that the account balance is $100, our action logic will be transferring funds from Rasser to Zadowni and a second hop from Zadowni to Warunki in order to score more than $1000 on the account. Basicly the hacking behind this task is equal to task one, so will be sending in parallel request with Burpsuite intercept ON, we will turned OFF when we will receive a transaction-successfull status back from the application server.

Let's transfer $95 dollars from Rasser to Zadovni, in the background i've prepared everything to intercept. Let's hit the transfer button and we'll capture the POST request in Burp.

Let's send the request into Repeater, Group Tab with a fancy name like "First Transfer" and duplicate 10 times. Before hitting Send button, set into parallel requests.

Turn intercept OFF and try to log in with Zadowni account. We will find a $400+ in balance, to transfer to Warunki.

Second transfer, before continuing make sure that everything in the background is intercepting fine our session!

QUICK TIPS! Try to not overdue when duplicating this second transaction, no more than 3 tabs and the magic will work fine ;)

Get the last flag THM{BANK-RED-FLAG} and our job is done here.

🧠 Personal Thoughts
What makes race conditions particularly interesting is their non-deterministic nature. Unlike SQL injection or XSS, which are often reliably reproducible, race conditions depend on timing. This makes them harder to detect, test, and fix.

From a developer’s perspective, it’s a reminder of the importance of atomic operations and locking mechanisms in concurrent environments. From a pentester’s view, it’s a thrilling challenge that requires creativity and precision.

🛡️ Mitigation Strategies
To prevent race conditions:

Use database transactions to ensure atomicity.
Implement locking mechanisms (e.g., mutexes) when accessing shared resources.
Validate state on the server side before and after critical operations.
Rate-limit sensitive actions to reduce the chance of concurrent abuse.

🧪 Final Thoughts
The TryHackMe Race Conditions room is a fantastic hands-on introduction to a subtle yet impactful vulnerability. It teaches not just how to exploit, but also how to think like an attacker—and more importantly, how to defend against such attacks.

If you’re into web security, this room is a must-try. It’s not just about hacking—it’s about understanding the systems we build and how they can fail in unexpected ways.

Solving TryHackMe's "Crack the Hash" Room - A Complete Walkthrough

Emanuele — Wed, 04 Jun 2025 18:22:42 +0000

Introduction
Welcome, fellow hackers and learners! In this post, I’ll walk you through my experience solving the "Crack the Hash" room on TryHackMe. This room is a great way to sharpen your skills in hash identification and cracking techniques using tools like Hash-Identifier, John the Ripper, and Hashcat.

Whether you're new to CTFs or brushing up on your skills, this guide will help you understand the logic behind cracking hashes and how to approach each challenge.

Each task in the room gives you a hash and asks you to identify and crack it. The hashes vary in type and complexity, from MD5 to SHA-512 to b-crypt and beyond.

Task 1: The Easy Hashes

Hash: 48bb6e862e54f2a795ffc4e541caed4d

Use Hash-Identifier or online tools like TunnelsUp Hash Analyzer.

→ Likely MD5 (since SHA uses CAPITAL LETTERS! while hashing)

I started the AttackBox previously, command terminal opened, let's do some HaShCaT

Since i didn't remember all the modules associated with all the hashing for hashcat, i used Microsoft Copilot to address this issue, you're welcome Satya Nadella ;)

Before input hashcat prompt i'll create now a file called hash.txt where we can write our task's hashes each time and crack it with the same command, we will only modify module numbers!

nano hash.txt

From now on, we will Copy&Paste each hash one-by-one, from Tryhackme into the clipboard of the AttackBox.
After saving the first hash in our temporary file, we will prompt the hashcat command by selecting module o for MD5, a temporary file to write the cracked result called cracked.txt and our beloved leaked wordlist rockyou.txt

hashcat -m 0 -a 0 -o cracked.txt hash.txt /usr/share/wordlists/rockyou.txt

A couple of seconds later we have our hash cracked, let's grab the results by simply:

cat cracked.txt

Done! Very Simple and clean way i should say! Now we will repeat the process of Copy&Paste + the cat of the result.

Hash: CBFDAC6008F9CAB4083784CBD1874F76618D2A97

→ Likely SHA but what kind?

Well, here's the solution, a very nice scheme to classify quickly this and the next case:

I'm going SHA-1 following this image.

hashcat -m 100 -a 0 -o cracked.txt hash.txt /usr/share/wordlists/rockyou.txt

And Grab the result here:

Hash: 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032

Reflecting the 64 char hash it's SHA-256, so we will craft:

hashcat -m 1400 -a 0 -o cracked.txt hash.txt /usr/share/wordlists/rockyou.txt

And the result will be:

Hash: $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom

Since there is a little bit of a known pattern $2*$ , we will use Copilot to find evidence of that online and it will tell us that is a b-crypt hash

Hint and a maybe tip: Add at the end of our known prompt a --force to kindly speed up the process but be aware that this will take LONGER, and yes even an AMD EPYC processor (which is the one on the AttackBox that i'm using) takes forever to crack given this conditions. (26 days)

We need an easy way out, let's dig a little bit in Tryhackme, you'll see they want a 4-letter result under this hash. We need to shorten the wordlist rockyou to a new version with only 4-letters attempt. We will call it rockyou4l.txt

iconv -f latin1 -t utf-8 /usr/share/wordlists/rockyou.txt | grep -E '^[a-zA-Z]{4}$' > /usr/share/wordlists/rockyou4l.txt

Invoke hashcat command with the modified rockyou version and try to get the result:

hashcat -m 3200 -a 0 -o cracked.txt hash.txt /usr/share/wordlists/rockyou4l.txt --force

Grab the result: bleh

Hash: 279412f945939ba78ce0758d3fd83daa

A different approach here to spot this Likely-MD5 hash. So first let's check what Hash Analyzer has to tell us.

Second step is to actually try the command that we've put in place for the first hash in MD5.

Spoiler: NO LUCK! - So it's MD4 then

We can use md4 modules in hashcat which is -m 900, but i tried a powerful web MD4 decryptor called dCode.fr

Eternity22 is our final answer, now we can move into something a little bit spicier.

Task 2: Level 2 Hashes

🔐 1. Hash:
F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85

Likely Algorithm: SHA-256

No need to further investigate, let's input -m 1400and fired up hashcat or we can use another powerful tool called CrackStation!

So paule, first answer.

🔐 2. Hash:
1DFECA0C002AE40B8619ECF94819CC1B

Likely Algorithm: MD4, but after some research online i've discovered that actually is not.

The hash 1DFECA0C002AE40B8619ECF94819CC1B is identified as an NTLM hash based on its length and format:

🔍 Why It's NTLM:
Length:
NTLM hashes are 32 hexadecimal characters long (128 bits).
This hash is exactly 32 characters: ✅
Hexadecimal Format:
NTLM hashes are represented in uppercase hexadecimal (0–9, A–F).
This hash fits that pattern: ✅
No Salt:
NTLM hashes are unsalted, meaning the same password always produces the same hash.
This hash doesn't include a salt or any prefix: ✅

Ok so module -m 1000 for NTLM in hashcat right? Actually i've got also Crackstation that still works for us ;)

Second answer, done: n63umy8lkf4i

🔐 3. Hash:
$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.

Format: $6$ indicates SHA-512 crypt (used in Linux /etc/shadow)

Salt: aReallyHardSalt

We will use another tool this time that is called John The Ripper since i don't know, hashcat after rebooting the AttackBox into a new session doesn't work anymore :/

Using the file mentioned previously, hash.txt, we have to copy and paste this hash and prepare the command for john the ripper that looks like this:

john --format=sha512crypt -wordlist=/usr/share/wordlists/rockyou.txt hash.txt

It will take some time to run, a long time, but won't crash i'll promise!

Manage to score the decrypted word waka99 after 20 mins-ish, grab the word and onto the next and final hash!

🔐 4. Hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6
Salt: tryhackme

Ok, there is a hint, since we're running out of time we need a quick win here...

Alright, this means the original message (e.g., a password or token) was hashed using HMAC-SHA1 with the key "tryhackme", and the result was the SHA-1 hash shown. The structure will have <key>:<salt> format, we will adapt to this pattern our hash + the "tryhackme" salt at the end.

e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme

Nano that into the hash.txt file and we will now adapt the john command line to achieve this last decryption.

WAIT!

John doesn't support that and yes, you'll see the final answer here! I came across this website since i was googling weird behaviours i was getting from the terminal. Anyway, i want to crack it by myself. This screen i'll save for later to do double-checks. So, back to hashcat then, after re-installing amd drivers and other forums looked to get back to work, i'll share my command to crack it.

hashcat -a 0 -m 160 <hash:salt> /usr/share/wordlists/rockyou.txt

Let it run and it will find the answer, 481616481616

Conclusion
"Crack the Hash" is a fantastic room to practice real-world hash cracking techniques. It teaches you how to think like an attacker and gives you hands-on experience with industry-standard tools.

If you enjoyed this walkthrough or have questions, drop a comment below or connect with me on TryHackMe.

Happy hacking! 🧑‍💻💥