TryHackMe writeup: HackPark
HackPark (“tryhackme”, 2019) is a TryHackMe tutorial room that has the user “[b]ruteforce a websites login with Hydra, identify and use a public exploit then escalate your privileges on this Windows machine” (quoted verbatim from Ibid). This was an interesting room (for me at least). It took me nearly a month to finish this room because of my tendency to “break the rules,” but finish it I did. I will discuss my experience with this room in this article.

Procedure
Before I begin, I must define the objective of this room. In this case, it is to exploit vulnerabilities on the target system to get a lesser-privileged user account and then exploit a privilege escalation vulnerability to get SYSTEM-level privileges. I must then dump the user.txt and root.txt flags.
So, I clicked on the green-coloured “start machine” button on the top-right part of the first task and proceeded to add the target machine’s dynamic IP address onto my AttackBox’s /etc/hosts configuration file.
Reconnaissance
This room is running a web server, so I ran Burp Suite (PortSwigger, n.d.-a) and visited the target’s website with its built-in browser. The following (Fig. 1) is what comes up on the homepage: