
The Sticker Shop: TryHackMe Writeup.

Ansul Kotadia
4 min read · Dec 2, 2024

The Sticker Shop THM

Hey there, fellow hackers! 👋 Let’s dive into a fun and easy TryHackMe room called The Sticker Shop. This room challenges us to exploit a poorly secured website hosted on the same machine used for everyday browsing. Not the brightest idea, right? 🤔

By following the steps below, you’ll learn how to exploit Cross-Site Scripting (XSS) and grab the hidden flag. It’s beginner-friendly, but you’ll still pick up some essential hacking techniques. Let’s get started! 🚀

Step 1: Reconnaissance with Nmap

The first step in any hacking challenge is reconnaissance. Using Nmap, we scan the target IP (10.10.169.224) to discover open ports:

nmap -sC -A 10.10.169.224

This scan reveals two open ports:

  • Port 8080: Hosts the sticker shop’s website.
  • Port 22: SSH

Let’s head over to http://10.10.169.224:8080 to explore the webpage.
