TryHackMe: Inclusion


  1. Port Scan

2. High port scan

Not much useful

3. OS and services scan

4. Vulnerability scan

Not much useful

5. Access HTTP site on port 80

View page source

Explore all pages

Try to input some value to parameter.

6. Directory discovery

Not much useful


  1. LFI

Seems like with “http://<ip>/article?name=”, I can read /etc/passwd.

View page source for easier viewing.

There’re 2 users: root and falconfeast.
Also there’s credential comment - falconfeast:rootpassword

Try to login into SSH with the credential.


[Privilege escalation]

  1. sudo

There’s socat.

Look up at GTFOBin

Now I’m root.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store