ColddBox: Easy — TryHackMe

4 min read · Jan 31, 2021

This is the write-up for the TryHackMe room named ColddBox: Easy.

Room’s URL:

It is an easy boot2root box, and the task is to get the user and root flags.


# Identify the list of services running on the target machine

sudo nmap -sS -Pn -T4 -p-

# Perform further information gathering on the open ports identified above

sudo nmap -O -A -Pn -T4 -p80,4512

So we have a WordPress site on port 80 and SSH running on a non-standard port (4512).

WordPress Enumeration

Browse the website

and find the WordPress login portal at:

The next step is to run WPScan to enumerate plugins (ap) and users (u) and to check whether users’ passwords can be brute-forced:

wpscan --url --enumerate ap,u

[+] XML-RPC seems to be enabled ==> this indicates that users’ passwords can be brute-forced through the xmlrpc.php endpoint.

Put the users enumerated above in a file named user.txt and let’s brute-force the passwords:

wpscan --url…
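From the defender’s side, the two facts WPScan reported (XML-RPC enabled, wp-login.php reachable) are exactly what an access-log detection keys on: a single source hammering POST requests at xmlrpc.php or wp-login.php. The following is an added example, not code from this write-up or from WPScan: a small Python detector that counts POSTs to those two endpoints per source IP inside a sliding one-minute window and flags sources that exceed a threshold. The log lines, IP addresses, timestamps and threshold are all constructed for the example.

```python
"""Flag WordPress credential brute-force attempts against wp-login.php and
xmlrpc.php in combined-format (Apache/nginx) access logs.

Added example: not part of the original write-up. All log lines below are
constructed; the threshold and window are illustrative assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Both endpoints accept credentials; xmlrpc.php is the one WPScan flagged.
AUTH_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")


def parse_line(line):
    """Return a dict of the fields we need, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_bruteforce(lines, threshold=10, window=timedelta(minutes=1)):
    """Return {ip: max_posts_in_window} for every source IP that sent
    at least `threshold` POSTs to an auth endpoint within any `window`."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        path = rec["path"].split("?", 1)[0]  # drop query string
        if path in AUTH_ENDPOINTS:
            events[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, times in events.items():
        times.sort()
        start, best = 0, 0
        # Sliding window: advance `start` until the window fits, track the max count.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def _constructed_line(ip, method, path, second, status=200):
    """Build one constructed combined-format log line (sample data only)."""
    return (f'{ip} - - [31/Jan/2021:10:15:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')


# Constructed sample: one source posts to xmlrpc.php twelve times in 22 seconds,
# another source browses normally and logs in once.
SAMPLE_LOG = (
    [_constructed_line("203.0.113.7", "POST", "/xmlrpc.php", s) for s in range(0, 24, 2)]
    + [
        _constructed_line("198.51.100.2", "GET", "/", 5),
        _constructed_line("198.51.100.2", "POST", "/wp-login.php", 9, status=302),
        _constructed_line("198.51.100.2", "GET", "/wp-admin/", 10),
    ]
)

if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print(f"possible WordPress brute force from {ip}: {count} auth POSTs in one window")
```

On the sample data only 203.0.113.7 is flagged; the single wp-login.php POST from 198.51.100.2 stays below the threshold. The same counting logic ports directly to a SIEM query, and where XML-RPC is not needed by the site, blocking xmlrpc.php at the web server removes the noisier of the two paths entirely.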




Software Developer having keen interest in Security, Privacy and Pen-testing. Certs: Security+, PenTest+, AZ900, AZ204