Share
## https://sploitus.com/exploit?id=331FDB90-7E05-565A-A932-0DF6DC6FBAB2
# ๐Ÿ” THM Writeups

Hands-on TryHackMe machine writeups documented during active learning.

![Status](https://img.shields.io/badge/Status-Active-brightgreen) ![Machines](https://img.shields.io/badge/Machines_Rooted-4-blue) ![Platform](https://img.shields.io/badge/Platform-TryHackMe-red) ![Focus](https://img.shields.io/badge/Focus-Offensive_Security-darkred)

*Full process documented โ€” recon to root, including what failed and why.*

---

## ๐Ÿ–ฅ๏ธ Machines

| Machine | Difficulty | OS | Key Techniques |
|---------|------------|----|----------------|
| [BLUE](./BLUE) | Easy | Windows | EternalBlue (MS17-010), SMB exploitation |
| [TOMGHOST](./TOMGHOST) | Easy | Linux | Apache Tomcat, Ghostcat (CVE-2020-1938) |
| [IGNITE](./IGNITE) | Easy | Linux | Fuel CMS 1.4 RCE, privilege escalation |
| [ROOTME](./ROOTME) | Easy | Linux | Apache, file upload bypass, SUID Python |

---

## โš™๏ธ Methodology

Every machine follows the same structured approach:
```
Reconnaissance     โ†’  passive info gathering
       โ†“
Enumeration        โ†’  nmap, gobuster, searchsploit
       โ†“
Vulnerability      โ†’  manual analysis, CVE lookup
Discovery
       โ†“
Exploitation       โ†’  metasploit / manual
       โ†“
Privilege          โ†’  linpeas, SUID, sudo -l
Escalation
       โ†“
Post Exploitation  โ†’  flags, loot
```

---

## ๐Ÿ› ๏ธ Tools Used

![Nmap](https://img.shields.io/badge/-Nmap-blue) ![Metasploit](https://img.shields.io/badge/-Metasploit-blueviolet) ![Gobuster](https://img.shields.io/badge/-Gobuster-orange) ![LinPEAS](https://img.shields.io/badge/-LinPEAS-red) ![GTFOBins](https://img.shields.io/badge/-GTFOBins-black)

---

## ๐Ÿ“ Each Machine Folder Contains

- Full notes with commands and actual output
- Reasoning behind every step taken
- Screenshots of key findings
- Dead ends โ€” what didn't work and why

---

## โš ๏ธ Disclaimer

All machines documented here are **intentionally vulnerable systems** hosted on TryHackMe.
These techniques are practiced strictly for educational purposes.
Never test systems without explicit authorization.

---

*Adarsh Dubey ยท Cybersecurity Student*