Try Hack Me - ccpentesting

Pentesting Crash Course

The Pentesting Crash Course room on Try Hack Me is a great place to start learning about common tools and methodologies used in penetration testing.

This write up documents the “final exam” machine that is presented as the last task in the room.


VMs can sometimes take a minute or two to come up. We can monitor the state of the box with ping.



nmap -A -T4 --open --top-ports 1000 -sV -oN nmap.out

Looks like ssh and Apache.


GoBuster has shown us there is a /secret page we can visit, but when we navigate there in chrome it is an empty body. We can tell at the very least that secret is a directory, so lets gobuster it again.

Hmm nothing, lets check for files with .txt extensions.

Read the contents of secret.txt with a browser or cURL, and use the credentials to connect to ssh.



Run the hash through hashid to see what kind of hash it is. Use the -m flag to see the correlating hashcat mode


hashid thinks it is most likely a SHA1 hash. Crack the hash with hashcat using the mode provided by hashid.


Connect with the cracked credentials and you’ll find the user flag in nyan’s home directory.


sudo -l

Check the users sudo privileges.

You should know what to do from here…