Oct 22, 2020

This is the write-up for the room named 0day on TryHackMe.

The room can be found here: https://tryhackme.com/room/0day

Details given:

Exploit Ubuntu, like a Turtle in a Hurricane. Root my secure Website, take a step into the history of hacking.

What is required:

user.txt and root.txt



As always, let's start by scanning the target at the IP given:

nmap -sC -sV

We have port 22 (SSH) and port 80 (web) open, with the above versions. Let's enumerate port 80 further using Nikto.


nikto -h

The above Nikto scan reveals that this box is vulnerable to Shellshock. This is a very famous bug in bash, and according to Wikipedia (https://en.wikipedia.org/wiki/Shellshock_(software_bug)):

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests.

The Nikto scan also revealed a few interesting web directories, such as /admin, /backup and /secret. Let's keep them in mind; if required, we can come back to these directories later for further enumeration.

We can use cURL to enumerate further and test whether the target is actually vulnerable to Shellshock.


curl -H "Referer: () { test;}; echo 'Content-Type: text/plain'; echo; echo; /usr/bin/id; exit"
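On the defending side, a request like the one above leaves a recognisable trace in the web server's access log. The following is an added example, not part of the original write-up: it scans Apache combined-format log lines for Referer or User-Agent values that begin with a bash function definition. The log lines, IP addresses and CGI path are constructed for illustration.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
Q = r'"(?P<{}>(?:[^"\\]|\\.)*)"'  # quoted field; Apache logs an embedded quote as \"
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] ' + Q.format("request")
    + r' (?P<status>\d{3}) \S+ ' + Q.format("referer") + " " + Q.format("agent"))

# Bash only imports an environment value as a function when the value BEGINS with "() {",
# so anchoring at the start of the header avoids flagging URLs that merely contain "(){".
FUNC_PREFIX_RE = re.compile(r'^\(\)\s*\{')

# Constructed sample lines (documentation IP range, hypothetical CGI path).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Oct/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Oct/2020:10:00:07 +0000] "GET /cgi-bin/example.cgi HTTP/1.1" 200 64 '
    '"() { test;}; echo \'Content-Type: text/plain\'; echo; echo; /usr/bin/id; exit" "curl/7.68.0"',
    '203.0.113.9 - - [22/Oct/2020:10:00:09 +0000] "GET /cgi-bin/example.cgi HTTP/1.1" 500 0 '
    '"-" "() { :;}; /bin/true"',
    '203.0.113.7 - - [22/Oct/2020:10:00:12 +0000] "GET /docs HTTP/1.1" 200 90 '
    '"http://example.test/page?cb=fn(){}" "Mozilla/5.0"',
]


def find_shellshock(lines):
    """Return (line_no, client, header, trailing_command) for each suspicious header."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        for header in ("referer", "agent"):
            value = m.group(header)
            hit = FUNC_PREFIX_RE.match(value)
            if hit:
                # Whatever follows the function body's closing brace is what an
                # unpatched bash would run while importing the variable.
                command = value[hit.end():].partition("}")[2].lstrip("; ")
                findings.append((line_no, m.group("host"), header, command))
    return findings


if __name__ == "__main__":
    for finding in find_shellshock(SAMPLE_LOG):
        print("line %d: %s sent a function definition in %s; trailing command: %r" % finding)
```

The combined log format records only the Referer and User-Agent headers, so a function definition sent in any other header will not appear in these logs and needs other telemetry to catch.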


Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204