My TryHackMe Writeups

Writing THM excersise solvings here and my thoughts on how to solve them

Project maintained by NaystyX Hosted on GitHub Pages — Theme by mattgraham

Wonderland

https://tryhackme.com/room/wonderland

Tasks

First I start with nmap as always to find what ports are in use

image

Also running a gobuster on the http server.

image

After reading Follow the white rabbit and seing the first directory be /r/, I thought of trying /a and so on and got to /r/a/b/b/i/t/

Going to view page source I saw alice:HowDothTheLittleCrocodileImproveHisShiningTail which could be ssh login.

image

image

image

I can run the walrus_and_the_carpenter.py but I cannot edit it. Also going to /root/ folder I found the user.txt flag.

image

image

Viewing the walrus and the carpenter show it importing random which game me the idea to create random.py that would run in the walrus py file.

image

image

And this game me the rabbit role.

image

image

Reading the file I see this

image

So I though of doing a file date

image

image

Hatters password: WhyIsARavenLikeAWritingDesk?

Then I decided to run LinPeas to find priviledge escalation types.

image

Searching in GTFOBins I found a match.

image

And escalating my priviledges I got the root access and found the last flag

Conclusion

Definitely on the harder side but also familiar types that I used to crack the machine.