June 16, 2026
Smol (THM) Tryhackme Medium Challenge Walkthrough
Description : Test your enumeration skills on this boot-to-root machine.
Lawvye
1 min read
Difficulty : Medium
Note : All of the content and images are from https://tryhackme.com/
Room : https://tryhackme.com/room/smol
Enjoy.
Task 1 Smol
At the heart of Smol is a WordPress website, a common target due to its extensive plugin ecosystem. The machine showcases a publicly known vulnerable plugin, highlighting the risks of neglecting software updates and security patches. Enhancing the learning experience, Smol introduces a backdoored plugin, emphasizing the significance of meticulous code inspection before integrating third-party components.
Quick Tips: Do you know that on computers without GPU like the AttackBox, John The Ripper is faster than Hashcat?
Note: Please allow 4 minutes for the VM to fully boot up.
Answer the questions below
Q1.) What is the user flag?
cat user.txt
45edaec653ff9ee06236b7ce72b86963cat user.txt
45edaec653ff9ee06236b7ce72b86963Answer : 45edaec653ff9ee06236b7ce72b86963
Q2.) What is the root flag?
~$ cat root.txt
bf89ea3ea01992353aef1f576214d4e4~$ cat root.txt
bf89ea3ea01992353aef1f576214d4e4Answer : bf89ea3ea01992353aef1f576214d4e4
I hope you enjoyed reading this post as much as I enjoyed writing it. Thanks for reading my blog sir ;) Lawvye