TryHackMe | CTF | Walkthrough | Raven

4 min readDec 30, 2021

Checkout this virtual machine on TryHackMe. LogIn on TryHackMe, go to rooms → raven1he. Link: https://tryhackme.com/room/raven1he

Information Gathering:
Go for Nmap and start the information gathering on the virtual machine.

Check out the port 80, Website is running for Raven Security.

Flag One Found :
Remember to always check the source code of the webpage. Guess what I found the first flag on the website while clicking on the services webpage, checking the page source.

While searching other directories on the webpage using the gobuster command:
gobuster dir -u http://<IP Address> -w /usr/share/wordlists/dirbuster/<wordlist of your choice>

I found that the website is running on WordPress. I tried to find exploit on the internet, but it wasn't helpful. Next up, I decided to do a wpscan to find out more details about the machine. It was worth doing a wpscan, I got the information on the users of the website. Users are Michael and Steven.

Brute Forcing:
Now that we have information on the users, we obviously need passwords for the user. Han on, where are you going to use this username and password? Well, initially I found that port 22 is open, we might be able to ssh through the new found credentials.

Found the credentials of username michael, password michael

Flag Two Found:
SSH login successful. After searching for quite a while, I found the second flag int the /var/www directory.

Flag Three & Four Found:
Now after getting the information on the second flag, it took me a while to find the third flag. I was expecting a privilege escalation to be a third flag, but raven said nopety nope nope!! After exhausting myself, I went for the tool Linpeas. It enumerates on the machine and finds out information that will take ages manually.