Solving "Guided Pentest: Infrastructure" (TryHackMe)

I'll be covering the answers and walkthrough for this room. So buckle up and let's dive in.

rad0v

~3 min read · May 22, 2026 (Updated: May 22, 2026) · Free: Yes

Disclaimer! This writeup is for those people who are stuck in this room and not able to navigate further.

Task 1 is easy just start up the target VM and attack box. I'll be using Kali Linux box for this room.

Enumeration

Before you touch a single exploit or try a single password, you need to understand what you're looking at. Enumeration is the foundation of every penetration test and, without it, you're just guessing. The goal here is simple: learn as much as you can about the target before making any moves. What ports are open? What services are running? What versions are behind them? Every piece of information you gather now shapes the decisions you'll make later. Rushed enumeration leads to missed opportunities, and in a real engagement, that could mean the difference between a finding and a footnote in your report.

Command : nmap -sV -sC -oN scan.txt IP

Task 2 Answers:

6667

Vulnerability Analysis

Your Nmap output gave you two open ports. The simplest method here is to Google their versions and the keyword "exploit".

For example, Googling "OpenSSH 9.6p1 exploit" might yield results on theoretical or very distribution-specific exploits, but nothing tangible. So it is most likely a dead end.

If you are comfortable with the Kali packages, instead of googling, you can use the searchsploit utility to find exploits. Searchsploit is a command-line tool that lets you search Exploit-DB's offline database of public exploits and vulnerability disclosures directly from your terminal.

Command : searchsploit UnrealIRCd

Task 3 Answers:

linux/remote/13853.pl

Initial Access

The good part about the exploit we are going to use is that there's a Metasploit module for it. This makes exploitation much easier than modifying exploit scripts. Let's fire up Metasploit first.

msfconsole

Follow the instructions in the room and you will be able to get the flag easily!

Task 4 Answers:

THM{Pwned-Y0ur-First-Machine}

Post Exploitation

Now that we've gotten a foothold on the target machine, we need to check for ways to escalate our privileges.

To find the flag in this room, we need to get the root password first. Which we found to be PDLrCVl1pLD91U0JMmCz

Now ssh into root account: ssh root@TARGET_IP

Task 5 Answers:

THM{Escalat1on-D0ne}

Reporting

A good penetration test report must contain:

A cover page with a title, your name, and email address, and version control.
A table of contents (Optional).
An executive summary, aimed at the manager who requested the engagement, explaining what was achieved in non-technical terms.
A technical summary aimed at the engineering manager, so they understand the impact and can prioritize accordingly (Optional).
A table of all vulnerabilities found, ordered by severity, aimed at managers and engineers, again to prioritize accordingly.
Detailed exploitation section, where each vulnerability and its impact are explained, exploitation steps and proof are shown, and recommendations for mitigations are given. This is aimed at engineers who will remediate your findings.

Task 6 Answers:

technical summary

Conclusion

Hope this writeup helped you! Stay tuned for more room writeups.

#tryhackme #cybersecurity #ethical-hacking #tryhackme-writeup #penetration-testing

< Go to the original