Boiler CTF Walkthrough: Medium TryHackMe Challenge with Joomla Exploit & Privilege Escalation
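This article presents a detailed guide to Boiler CTF, a medium-difficulty CTF challenge. Through initial enumeration, port scanning, web directory enumeration and CMS discovery, it gains user and root access on the target system and finally captures the flags to complete the challenge. 2025-9-13 07:49:12 Author: infosecwriteups.com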

Prajwal


Introduction

Welcome to my step-by-step walkthrough of Boiler CTF, a medium-level challenge on TryHackMe. This guide focuses on gaining user and root access, using classic enumeration and exploitation techniques to capture both flags.

✨Answers to the room’s questions are provided at the end to ensure a comprehensive, challenge-driven learning experience.


Step 1: Initial Enumeration & Port Scanning

Every effective CTF run begins with thorough reconnaissance. I launched an Nmap scan to fingerprint all open services:

nmap -sCV -vv <target-ip> -p- -T5

The scan revealed four open ports:

  • 21 (FTP)
  • 80 (HTTP)
  • 10000 (HTTP/Webmin)
  • 55007 (SSH)

Step 2: Web Directory Enumeration & CMS Discovery

With the web server up on port 80, I used Gobuster to hunt for hidden directories:

gobuster dir -u http://<target-ip> -w /usr/share/wordlists/dirb/common.txt
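
Seen from the web server's side, a wordlist run like the one above shows up as a single client requesting many distinct paths that mostly return 404. The following added example (not part of the original write-up) flags that pattern in combined-format access logs; the log lines, IP addresses, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined log format: client, identd, user, [time], "request", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_dir_bruteforce(lines, min_misses=5, min_miss_ratio=0.8):
    """Return {client_ip: (total_requests, distinct_404_paths)} for clients
    whose traffic looks like wordlist-driven path guessing."""
    total = defaultdict(int)
    miss_count = defaultdict(int)
    miss_paths = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the run
        ip = m["ip"]
        total[ip] += 1
        if m["status"] == "404":
            miss_count[ip] += 1
            # Ignore the query string so /x?a=1 and /x?a=2 are one path.
            miss_paths[ip].add(m["path"].split("?", 1)[0])
    return {
        ip: (total[ip], len(paths))
        for ip, paths in miss_paths.items()
        if len(paths) >= min_misses
        and miss_count[ip] / total[ip] >= min_miss_ratio
    }

def _line(ip, path, status):
    # Constructed sample entry; timestamp, size and agent are placeholders.
    return (f'{ip} - - [01/Jan/2025:12:00:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "sample-agent"')

# Constructed sample: one client guessing paths, one ordinary visitor.
GUESSES = ("/.git", "/admin", "/backup", "/cgi-bin",
           "/config", "/db", "/old", "/tmp")
SAMPLE_LOG = (
    [_line("203.0.113.50", p, 404) for p in GUESSES]
    + [_line("203.0.113.50", "/robots.txt", 200)]
    + [_line("198.51.100.7", p, s) for p, s in
       (("/", 200), ("/index.html", 200), ("/favicon.ico", 404))]
)

if __name__ == "__main__":
    print(find_dir_bruteforce(SAMPLE_LOG))
```

The thresholds are starting points only; a real deployment would also bound the count by a time window and tune both values against normal traffic for the site.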

Source: https://infosecwriteups.com/boiler-ctf-walkthrough-medium-tryhackme-challenge-with-joomla-exploit-privilege-escalation-d044ff1e1038?source=rss----7b722bfd1b8d---4