TryHackMe Mr. Robot room walkthrough

Jun 24, 2021

This is a write-up covering the steps taken to solve Mr. Robot, a beginner-level security challenge room on the TryHackMe platform.

This blog was written as part of a task for the Masters Certification in Red Team Program from HackerU.

Step 1 : Connect to TryHackMe and start target machine

1. Download the OpenVPN configuration file from the TryHackMe platform
2. Connect to TryHackMe by running the command in a Kali terminal:

sudo openvpn /pathtoOVPNfile.ovpn

3. Start the machine in the ‘Mr. Robot’ room. The target IP address will be displayed in a minute.

https://tryhackme.com/room/mrrobot

Step 2 : Information gathering using Nmap

1. Start an nmap scan of the target IP:

nmap -A -O <target ip>

Step 3: Detailed Findings

Open ports:

22 : SSH

80 : HTTP

443 : HTTPS

1. Accessing port 80 (HTTP)

2. Accessing source code > Found a message ‘You are not alone’

3. Viewing robots.txt > Found 1st flag ‘key-1-of-3.txt’ and a user dictionary

4. Download and save ‘fsocity.dic’. Running DirBuster to find directories and files turned up a ‘login’ page.

5. Navigating to /login/, now using Burp Suite's intercept

6. Capture the request in Burp Suite and forward it to the Intruder tab.

7. Select the Sniper attack type and select the username and password as parameters.

8. Load the fsocity-1.dic dictionary as data input for the username and start the attack.

9. Found the username; now find the password with the same dictionary file.

10. Password found

11. Log in to the wp-login page with the found username and password, as the site is based on WordPress.

12. Search for a page where php-reverse-shell can be uploaded to get a reverse shell.

Found 404.php > updated php-reverse-shell here

13. Start an nc listener on the Kali machine and browse to the updated template page in the browser.

nc -nlvp 4444

Found password

Try to spawn shell:

python -c 'import pty; pty.spawn("/bin/sh")'

14. Found 2nd flag!

su robot

15. Escalate privileges and search for 3rd flag!

Search for files with the SUID permission bit set:

find / -perm /4000 -type f 2>/tmp/2

Got root access

nmap --interactive

16. Found 3rd flag
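
The escalation in step 15 works because nmap is installed with the setuid bit. As an added example (not part of the original write-up), this defender-side audit performs the same search as the find command above and compares the results against a baseline. The BASELINE set and matching by file name are assumptions of this example.

```python
import os
import stat
import sys

# Assumed baseline of programs expected to be setuid on a stock Linux host.
# Constructed for this example; build the real list from a known-good image.
BASELINE = {"su", "sudo", "passwd", "mount", "umount", "chsh", "chfn",
            "newgrp", "gpasswd", "ping"}

# Programs that must never be setuid because they can start other programs.
# nmap is the one this walkthrough relied on; extend the set for your fleet.
NEVER_SETUID = {"nmap"}


def _same_device(path, dev):
    try:
        return os.lstat(path).st_dev == dev
    except OSError:
        return False


def audit_setuid(root="/", baseline=BASELINE, never=NEVER_SETUID):
    """Return sorted (severity, path, owner_uid, mode) for setuid regular
    files under root that are not in the baseline. Matching is by file name,
    a simplification; a production baseline should pin full paths."""
    root_dev = os.lstat(root).st_dev
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        # Stay on one filesystem (like find -xdev) so /proc and similar are skipped.
        dirnames[:] = [d for d in dirnames
                       if _same_device(os.path.join(dirpath, d), root_dev)]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            if name in baseline and name not in never:
                continue
            severity = "HIGH" if name in never else "REVIEW"
            findings.append((severity, path, st.st_uid, stat.filemode(st.st_mode)))
    return sorted(findings)


if __name__ == "__main__":
    for sev, path, uid, mode in audit_setuid(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{sev:6} {mode} uid={uid} {path}")
```

Run it once per mounted filesystem. A HIGH finding is fixed by clearing the bit with chmod u-s on the reported path.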

With these steps, I was able to answer all questions posted in the Mr. Robot room on TryHackMe.

Thank you for reading this blog.
