Cheese CTF: TryHackMe Walkthrough
Hello, everyone! In this post, we’ll be exploring the Cheese CTF room on TryHackMe, where we tackle several exciting challenges. We’ll use SQL injection to bypass a login screen, exploit a File Inclusion vulnerability to achieve Remote Code Execution (RCE), move between user accounts, and finally escalate our privileges to gain root access.
Let’s break down the approach and solve this room!
Step 1: Setting Up and Initial Recon
To get started, I created a directory for Cheese CTF on my machine. Since an nmap scan isn’t particularly necessary in this case, I skipped it after confirming that Port 80 and SSH (Port 22) were the main focus here.
Once you have the target IP, simply copy it into your browser. The website presents itself as a cheese shop with a few navigation links: Products, About Us, Contact, and Login. Most of these links lead to the same page, except for Login, which…