6 min readJan 27, 2021

This is the write-up for TryHackMe’s room named — Internal

This room can be found here:-

Task at hand is simple — Treat this as a Real Life PenTest and find out User.txt and Root.txt as proof of exploitation.

Ensure that you modify your hosts file to reflect internal.thm e.g. update /etc/hosts file with: internal.thm


# Identify the list of services running on the target machine

sudo nmap -sS -Pn -T4 -p-

# Perform further information gathering on the open ports identified above

sudo nmap -O -A -Pn -T4 -p22,80

So we have a Apache Web Server running on port 80 and SSH on port 22.Lets Brute Force directories of the Web Server to see if we can find anything. We will come back to SSH enumeration if needed.





Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204,AZ500