This is the write-up for TryHackMe’s room named — Internal

This room can be found here:-

The task at hand is simple: treat this as a real-life pentest and find User.txt and Root.txt as proof of exploitation.

Ensure that you modify your hosts file to reflect internal.thm, e.g. update the /etc/hosts file with: internal.thm


# Identify the list of services running on the target machine

sudo nmap -sS -Pn -T4 -p-

# Perform further information gathering on the open ports identified above

sudo nmap -O -A -Pn -T4 -p22,80

So we have an Apache web server running on port 80 and SSH on port 22. Let's brute-force the web server's directories to see if we can find anything. We will come back to SSH enumeration if needed.


A simple gobuster scan reveals a WordPress site, which we can enumerate further using WPScan.

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://internal.thm -t 40


Let’s enumerate the WordPress site for all plugins and users using:

wpscan --url http://internal.thm/wordpress/ --enumerate u,ap
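
Seen from the server side, the directory brute force and the WordPress user enumeration above both leave a recognizable pattern in the Apache access log. The following is an added example, not part of the original write-up: a small detector that flags clients with many distinct 404 paths or repeated user-listing requests. The function names, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format: client, identity, user, [time], "request", status, ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Requests that list WordPress accounts (author archives, REST users endpoint).
USER_ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users')

def detect_enumeration(lines, min_404=20, min_enum=3):
    """Return {client_ip: set of findings}; thresholds are assumed, tune per site."""
    not_found = defaultdict(set)  # ip -> distinct paths that returned 404
    user_enum = defaultdict(int)  # ip -> number of user-listing requests
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _method, path, status = m.groups()
        if status == "404":
            not_found[ip].add(path.split("?")[0])
        if USER_ENUM_RE.search(path):
            user_enum[ip] += 1
    findings = defaultdict(set)
    for ip, paths in not_found.items():
        if len(paths) >= min_404:
            findings[ip].add("directory-bruteforce")
    for ip, count in user_enum.items():
        if count >= min_enum:
            findings[ip].add("wp-user-enumeration")
    return dict(findings)

def sample_log():
    """Constructed sample: one scanning client and one ordinary visitor."""
    ts = "[10/Oct/2020:13:55:36 +0000]"
    lines = [f'10.0.0.5 - - {ts} "GET /word{i} HTTP/1.1" 404 274 "-" "-"'
             for i in range(40)]
    lines += [f'10.0.0.5 - - {ts} "GET /wordpress/?author={i} HTTP/1.1" 301 0 "-" "-"'
              for i in range(1, 6)]
    lines += [f'10.0.0.9 - - {ts} "GET /wordpress/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
              f'10.0.0.9 - - {ts} "GET /favicon.ico HTTP/1.1" 404 274 "-" "Mozilla/5.0"']
    return lines

if __name__ == "__main__":
    for ip, found in detect_enumeration(sample_log()).items():
        print(ip, sorted(found))
```

Counting distinct 404 paths rather than raw 404 totals keeps a visitor who repeatedly hits one missing file, such as a favicon, from being flagged.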


