Sep 8, 2020 · 3 min read

This write-up is based on TryHackMe’s room named Gaming Server, which can be found at:

The description says that it is an easy Boot2Root box and the task is simple: get both the user and root flags.

Let’s begin with a simple Nmap scan using the command:

nmap -sC -sV

Ports 22 and 80 are open. Let’s check the web page first:

It seems to be a simple website, and the page source of the main page reveals a potential username — “john”.

Let’s do some directory busting using dirsearch:

/opt/tools/dirsearch/ -u -E -x 400,500 -r -t 100 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Check what is in these two links on the website:

==> A potential password list — dict.lst
==> A potential SSH key — may be for user — john

Used hydra to brute-force both users, john and root, using dict.lst, but with no success. The following commands were used:

hydra -s 22 -v -q -l john -P dict.lst -e nsr -t 4 -w 5 ssh
hydra -s 22 -v -q -l root -P dict.lst -e nsr -t 4 -w 5 ssh
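
From the defender's side, the two hydra runs above appear in the sshd log as a burst of failed passwords from one source against the john and root accounts. The following detection sketch is an added example, not part of the original write-up; the log lines, host name, IP addresses, threshold and window are constructed assumptions. It goes slightly beyond the text by also marking a later successful login from a source that was already flagged.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not from the original page); host and IPs are made up.
SAMPLE_LOG = """\
Sep  8 10:15:01 gs sshd[901]: Failed password for john from 10.10.14.7 port 40122 ssh2
Sep  8 10:15:02 gs sshd[902]: Failed password for john from 10.10.14.7 port 40124 ssh2
Sep  8 10:15:02 gs sshd[903]: Failed password for root from 10.10.14.7 port 40126 ssh2
Sep  8 10:15:03 gs sshd[904]: Failed password for john from 10.10.14.7 port 40128 ssh2
Sep  8 10:15:04 gs sshd[905]: Failed password for root from 10.10.14.7 port 40130 ssh2
Sep  8 10:20:00 gs sshd[950]: Failed password for invalid user bob from 192.168.1.20 port 51000 ssh2
Sep  8 10:31:10 gs sshd[990]: Accepted publickey for john from 10.10.14.7 port 40200 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<kind>Failed password|Accepted \w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect(log_text, threshold=5, window_s=60, year=2020):
    """Flag sources with `threshold` failed passwords inside `window_s` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    users = defaultdict(set)      # ip -> usernames it tried
    flagged = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["kind"] == "Failed password":
            q = recent[ip]
            q.append(ts)
            users[ip].add(m["user"])
            while ts - q[0] > timedelta(seconds=window_s):
                q.popleft()
            if len(q) >= threshold:
                flagged.setdefault(ip, {"users": users[ip], "login_after_burst": False})
        elif ip in flagged:
            # A successful login from a source that was already flagged for guessing.
            flagged[ip]["login_after_burst"] = True
    return flagged

if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, sorted(info["users"]), info["login_after_burst"])
```
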

