Walkthrough of TryHackMe Pyrat - exploiting a Python-based RAT via arbitrary code execution, extracting credentials from Git history, and brute-forcing an admin endpoint for root access.

Walkthrough of TryHackMe LazyAdmin - exploiting SweetRice CMS backup disclosure to obtain admin credentials, uploading a PHP webshell via the ads feature, and escalating to root through a writable shell script executed via sudo.

Walkthrough of TryHackMe B3dr0ck - exploiting TLS certificate services to obtain credentials, using sudo certutil for lateral movement, and decoding multi-layered encoded passwords for root access.

A walkthrough of the Dreaming room on TryHackMe, exploiting Pluck CMS, command injection via MySQL, and Python library hijacking for privilege escalation.