<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>TryHackMe on Notes by Nisha</title><link>https://notesbynisha.com/categories/tryhackme/</link><description>Recent content in TryHackMe on Notes by Nisha</description><generator>Hugo</generator><language>en</language><copyright>&amp;copy; 2026 Nisha</copyright><lastBuildDate>Tue, 06 May 2025 00:00:00 +0000</lastBuildDate><atom:link href="https://notesbynisha.com/categories/tryhackme/index.xml" rel="self" type="application/rss+xml"/><item><title>Exploiting AlwaysInstallElevated for Windows Privilege Escalation</title><link>https://notesbynisha.com/posts/2025-05-06-alwaysinstallelevated-walkthrough/</link><pubDate>Tue, 06 May 2025 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2025-05-06-alwaysinstallelevated-walkthrough/</guid><description>A walkthrough of exploiting the AlwaysInstallElevated misconfiguration on Windows to escalate from user to SYSTEM using a malicious MSI payload.</description></item><item><title>Anonymous Rooted: A TryHackMe Walkthrough</title><link>https://notesbynisha.com/posts/2025-03-03-anonymous-rooted/</link><pubDate>Mon, 03 Mar 2025 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2025-03-03-anonymous-rooted/</guid><description>This walkthrough covers the TryHackMe &amp;lsquo;Anonymous&amp;rsquo; room. I gain user-level access via FTP and a writable script, capture the user flag, and escalate to root via a SUID misconfiguration.</description></item><item><title>TryHackMe: Enumeration &amp; Brute Force Room Walkthrough</title><link>https://notesbynisha.com/posts/2024-11-21-enumeration-brute-force-tryhackme/</link><pubDate>Thu, 21 Nov 2024 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2024-11-21-enumeration-brute-force-tryhackme/</guid><description>&lt;h2 id="overview" class="relative group">Overview &lt;span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100">&lt;a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#overview" aria-label="Anchor">#&lt;/a>&lt;/span>&lt;/h2>&lt;p>This walkthrough documents my experience completing the &lt;strong>Enumeration &amp;amp; Brute Force&lt;/strong> room on TryHackMe. The room provides hands-on experience with various enumeration techniques, brute force attacks, and web application vulnerability exploitation. This write-up details my approach to each task and the key learning points along the way.&lt;/p></description></item><item><title>TryHackMe IDOR Room Walkthrough</title><link>https://notesbynisha.com/posts/2024-06-29-idor-thm/</link><pubDate>Sat, 29 Jun 2024 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2024-06-29-idor-thm/</guid><description>&lt;blockquote>
&lt;p>Walkthrough of the &lt;strong>Insecure Direct Object Reference (IDOR)&lt;/strong> room on TryHackMe, part of the Jr. Web Penetration Tester learning path.&lt;/p>&lt;/blockquote>
&lt;p>🧭 &lt;a href="https://tryhackme.com/room/idor" target="_blank" rel="noreferrer">Access the TryHackMe IDOR Room&lt;/a> — Complete this room to practice real-world exploitation of Insecure Direct Object References in a safe lab environment.&lt;/p></description></item><item><title>Wireshark: The Basics - THM Walkthrough by Nisha</title><link>https://notesbynisha.com/posts/2023-12-05-wireshark-basics/</link><pubDate>Tue, 05 Dec 2023 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2023-12-05-wireshark-basics/</guid><description>&lt;p>&lt;strong> Room Link: &lt;/strong> &lt;a href="https://tryhackme.com/r/room/wiresharkthebasics" target="_blank">&lt;a href="https://tryhackme.com/r/room/wiresharkthebasics" target="_blank" rel="noreferrer">https://tryhackme.com/r/room/wiresharkthebasics&lt;/a>&lt;/a>&lt;/p>
&lt;p>&lt;strong>Learning Objectives&lt;/strong>&lt;/p>
&lt;h2 id="task-1---introduction" class="relative group">Task 1 - Introduction &lt;span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100">&lt;a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#task-1---introduction" aria-label="Anchor">#&lt;/a>&lt;/span>&lt;/h2>&lt;p>
 &lt;strong>Question: Which file is used to simulate the screenshots?&lt;/strong>
 &lt;em> Answer: http1.pcapng &lt;/em>&lt;/br>
&lt;pre>&lt;code>&amp;lt;strong&amp;gt;Question: Which file is used to answer the questions? &amp;lt;/strong&amp;gt;
&amp;lt;em&amp;gt; Answer: Exercise.pcapng &amp;lt;/em&amp;gt;&amp;lt;/br&amp;gt;
&lt;/code>&lt;/pre>
&lt;/p></description></item><item><title>Content Discovery - THM Walkthrough by Nisha</title><link>https://notesbynisha.com/posts/2023-10-13-content-discovery-thm-walkthough/</link><pubDate>Fri, 13 Oct 2023 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2023-10-13-content-discovery-thm-walkthough/</guid><description>&lt;p>&lt;strong> Room Link: &lt;/strong> &lt;a href="https://tryhackme.com/r/room/contentdiscovery" target="_blank">&lt;a href="https://tryhackme.com/r/room/contentdiscovery" target="_blank" rel="noreferrer">https://tryhackme.com/r/room/contentdiscovery&lt;/a>&lt;/a>&lt;/p>
&lt;p>
&lt;p>In cybersecurity, discovering hidden or non-obvious content on web servers is critical for any aspiring ethical hacker. The &amp;ldquo;Content Discovery&amp;rdquo; room on TryHackMe offers a detailed, hands-on approach to mastering techniques for uncovering various types of web content that can reveal vulnerabilities or sensitive data. Ideal for learners looking to deepen their web penetration testing skills, this room enhances the ability to pinpoint potential entry points on a target website.&lt;/p></description></item></channel></rss>