Sudo

Summary Pickle Rick is the second machine in the Road to eJPTv2 series and one of the most entertaining on TryHackMe. Unlike the first machine where the vector was SSH bruteforce, here the focus is entirely web-based: source code review, directory enumeration, and exploitation of a command panel with direct RCE. The objective is to find three secret ingredients Rick needs to revert his pickle transformation. Attribute Value Platform TryHackMe Difficulty Easy OS Linux Room Pickle Rick Skills Web Enum, Source Code Review, RCE, Reverse Shell, Sudo Privesc 🎥 Video version If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format. ...

Summary Simple CTF is the fourth machine in the Road to eJPTv2 series and the most technically varied so far. It introduces three new vectors: anonymous FTP access, SQLi exploitation with a real CVE (CVE-2019-9053) against CMS Made Simple, and privilege escalation via sudo vim. Additionally, the obtained hash is salted, requiring a custom cracking script — a differentiating skill. Attribute Value Platform TryHackMe Difficulty Easy OS Linux Room Simple CTF Skills FTP Enum, Web Enum, SQLi, Hash Cracking, SSH, Sudo Privesc 🎥 Video version If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format. ...

Summary Bounty Hacker is the fifth machine in the Road to eJPTv2 series and one of the most straightforward in terms of attack flow. Anonymous FTP doesn’t just confirm lax configurations — this time it directly delivers a password wordlist and the target username. With that data, Hydra does the heavy lifting against SSH. The escalation via sudo tar introduces a new GTFOBins binary worth knowing. Attribute Value Platform TryHackMe Difficulty Easy OS Linux Room Bounty Hacker Skills FTP Enum, SSH Bruteforce, Sudo Privesc (tar) 🎥 Video version If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format. ...

Summary Lazy Admin is the sixth machine in the Road to eJPTv2 series and the most elaborate so far in terms of attack chain. There’s no single vector — you have to chain: two-layer fuzzing to find the CMS, credential extraction from an exposed MySQL backup, MD5 hash cracking, admin panel access, reverse shell upload, and an indirect privilege escalation via sudo Perl that modifies an intermediate script. Attribute Value Platform TryHackMe Difficulty Easy OS Linux Room Lazy Admin Skills Web Enum, CMS Exploitation, Hash Cracking, File Upload, Sudo Privesc (Perl) 🎥 Video version If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format. ...