<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Tryhackme on Notes by Nisha</title><link>https://notesbynisha.com/tags/tryhackme/</link><description>Recent content in Tryhackme on Notes by Nisha</description><generator>Hugo</generator><language>en</language><copyright>&amp;copy; 2026 Nisha</copyright><lastBuildDate>Tue, 06 May 2025 00:00:00 +0000</lastBuildDate><atom:link href="https://notesbynisha.com/tags/tryhackme/index.xml" rel="self" type="application/rss+xml"/><item><title>Exploiting AlwaysInstallElevated for Windows Privilege Escalation</title><link>https://notesbynisha.com/posts/2025-05-06-alwaysinstallelevated-walkthrough/</link><pubDate>Tue, 06 May 2025 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2025-05-06-alwaysinstallelevated-walkthrough/</guid><description>A walkthrough of exploiting the AlwaysInstallElevated misconfiguration on Windows to escalate from user to SYSTEM using a malicious MSI payload.</description></item><item><title>LazyAdmin TryHackMe Walkthrough</title><link>https://notesbynisha.com/posts/2025-03-27-lazyadmin-tryhackme-walkthrough/</link><pubDate>Thu, 27 Mar 2025 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2025-03-27-lazyadmin-tryhackme-walkthrough/</guid><description>A complete walkthrough of the LazyAdmin room on TryHackMe, demonstrating enumeration, exploitation, and privilege escalation.</description></item><item><title>Anonymous Rooted: A TryHackMe Walkthrough</title><link>https://notesbynisha.com/posts/2025-03-03-anonymous-rooted/</link><pubDate>Mon, 03 Mar 2025 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2025-03-03-anonymous-rooted/</guid><description>This walkthrough covers the TryHackMe &amp;lsquo;Anonymous&amp;rsquo; room. I gain user-level access via FTP and a writable script, capture the user flag, and escalate to root via a SUID misconfiguration.</description></item><item><title>Escalate and Defend: Linux Kernel Exploit Walkthrough</title><link>https://notesbynisha.com/posts/2024-10-11-escalate-and-defend-linux-kernel-exploit/</link><pubDate>Fri, 11 Oct 2024 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2024-10-11-escalate-and-defend-linux-kernel-exploit/</guid><description>A dual perspective walkthrough of TryHackMe&amp;rsquo;s Linux Privilege Escalation room (Kernel Exploits), including offensive steps and defense strategies mapped to the MITRE ATT&amp;amp;CK Framework.</description></item><item><title>TryHackMe IDOR Room Walkthrough</title><link>https://notesbynisha.com/posts/2024-06-29-idor-thm/</link><pubDate>Sat, 29 Jun 2024 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2024-06-29-idor-thm/</guid><description>&lt;blockquote>
&lt;p>Walkthrough of the &lt;strong>Insecure Direct Object Reference (IDOR)&lt;/strong> room on TryHackMe, part of the Jr. Web Penetration Tester learning path.&lt;/p>&lt;/blockquote>
&lt;p>🧭 &lt;a href="https://tryhackme.com/room/idor" target="_blank" rel="noreferrer">Access the TryHackMe IDOR Room&lt;/a> — Complete this room to practice real-world exploitation of Insecure Direct Object References in a safe lab environment.&lt;/p></description></item><item><title>Steel Mountain - TryHackMe Walkthrough by Nisha</title><link>https://notesbynisha.com/posts/2024-06-16-steel-mountain-thm-walkthrough/</link><pubDate>Sun, 16 Jun 2024 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2024-06-16-steel-mountain-thm-walkthrough/</guid><description>Hack into a Mr. Robot themed Windows machine. Use metasploit for initial access, utilise powershell for Windows privilege escalation enumeration and learn a new technique to get Administrator access.</description></item><item><title>Hacking Kenobi: From Anonymous Access to Root like a Rebel</title><link>https://notesbynisha.com/posts/2024-06-14-hacking-kenobi-tryhackme/</link><pubDate>Fri, 14 Jun 2024 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2024-06-14-hacking-kenobi-tryhackme/</guid><description>A complete walkthrough of the Kenobi TryHackMe room, covering enumeration, exploiting ProFTPD, and privilege escalation using SUID PATH hijacking.</description></item><item><title>TryHackMe Ice - Walkthrough by Nisha</title><link>https://notesbynisha.com/posts/2024-06-04-ice-tryhackme-walkthrough/</link><pubDate>Tue, 04 Jun 2024 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2024-06-04-ice-tryhackme-walkthrough/</guid><description>&lt;h5>Deploy &amp; hack into a Windows machine, exploiting a very poorly secured media server. &lt;/h5>
&lt;img src="https://notesbynisha.com/assets/images/thm/thm-ice-1.png">
&lt;p>&lt;strong> Room Link: &lt;/strong> &lt;a href="https://tryhackme.com/r/room/ice"> &lt;a href="https://tryhackme.com/r/room/ice" target="_blank" rel="noreferrer">https://tryhackme.com/r/room/ice&lt;/a>&lt;/a>&lt;/p>
&lt;h2 id="task-1---connect" class="relative group">Task 1 - Connect &lt;span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100">&lt;a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#task-1---connect" aria-label="Anchor">#&lt;/a>&lt;/span>&lt;/h2>&lt;p>Get connected to the TryHackMe network using OpenVPN. Make sure to first download your configuration file from &lt;a href="http://tryhackme.com/access ">your access page. &lt;/a>&lt;/p></description></item><item><title>TryHackMe Ignite Room Walkthrough: Exploiting Fuel CMS 1.4.1 RCE</title><link>https://notesbynisha.com/posts/2024-07-02-ignite-tryhackme-walkthrough/</link><pubDate>Sun, 17 Mar 2024 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2024-07-02-ignite-tryhackme-walkthrough/</guid><description>Walkthrough of TryHackMe&amp;rsquo;s Ignite room where we exploit a Remote Code Execution vulnerability in Fuel CMS 1.4.1 (CVE-2018-16763). Learn the steps of enumeration, exploitation, privilege escalation, and defense strategies.</description></item><item><title>Walking An Application - THM Walkthrough by Nisha</title><link>https://notesbynisha.com/posts/2023-09-27-walking-an-application-thm-walkthrough/</link><pubDate>Wed, 27 Sep 2023 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2023-09-27-walking-an-application-thm-walkthrough/</guid><description>&lt;p>&lt;strong> Room Link: &lt;/strong> &lt;a href="https://tryhackme.com/r/room/walkinganapplication" target="_blank">&lt;a href="https://tryhackme.com/r/room/walkinganapplication" target="_blank" rel="noreferrer">https://tryhackme.com/r/room/walkinganapplication&lt;/a>&lt;/a>&lt;/p>
&lt;p>In the "Walking An Application" room on TryHackMe, you will learn how to manually assess a web application for security vulnerabilities using only the built-in tools available in your web browser. Automated security tools and scripts often miss many potential vulnerabilities and valuable information. This room emphasizes the importance of manual review to identify and understand these overlooked issues.&lt;/p></description></item><item><title>Introduction to Offensive Security - THM Walkthrough by Nisha</title><link>https://notesbynisha.com/posts/2023-09-18-intro-to-offensive-security-thm-walkthrough/</link><pubDate>Mon, 18 Sep 2023 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2023-09-18-intro-to-offensive-security-thm-walkthrough/</guid><description>&lt;p>&lt;strong> Room Link: &lt;/strong> &lt;a href="https://tryhackme.com/r/room/introtooffensivesecurity" target="_blank">&lt;a href="https://tryhackme.com/r/room/introtooffensivesecurity" target="_blank" rel="noreferrer">https://tryhackme.com/r/room/introtooffensivesecurity&lt;/a>&lt;/a>&lt;/p>
&lt;h2 id="task-1---what-is-offensive-security" class="relative group">Task 1 - What is Offensive Security? &lt;span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100">&lt;a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#task-1---what-is-offensive-security" aria-label="Anchor">#&lt;/a>&lt;/span>&lt;/h2>&lt;p>&lt;strong> Question: Which of the following options better represents the process where you simulate a hacker&amp;rsquo;s actions to find vulnerabilities in a system? &lt;/strong> &lt;br>&lt;/p></description></item><item><title>Introduction to Defensive Security - THM Walkthrough by Nisha</title><link>https://notesbynisha.com/posts/2023-05-03-intro-to-defensive-security/</link><pubDate>Wed, 03 May 2023 00:00:00 +0000</pubDate><guid>https://notesbynisha.com/posts/2023-05-03-intro-to-defensive-security/</guid><description>&lt;p>&lt;strong> Room Link: &lt;/strong> &lt;a href="https://tryhackme.com/r/room/defensivesecurity">&lt;a href="https://tryhackme.com/r/room/defensivesecurity" target="_blank" rel="noreferrer">https://tryhackme.com/r/room/defensivesecurity&lt;/a>&lt;/a>&lt;/p>
&lt;h2 id="task-1---introduction-to-defensive-security" class="relative group">Task 1 - Introduction to Defensive Security &lt;span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100">&lt;a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#task-1---introduction-to-defensive-security" aria-label="Anchor">#&lt;/a>&lt;/span>&lt;/h2>&lt;p>&lt;strong> Learning Objectives: &lt;/strong>
Offensive security primarily aims at breaking into systems through various methods like exploiting bugs, abusing insecure setups, and bypassing access control policies. This is the realm of red teams and penetration testers.&lt;/p></description></item></channel></rss>