Tokyo Ghoul — TryHackMe

6 min readMar 17, 2021
Tokyo Ghoul — THM

This is a write-up for TryHackme’s room named “Tokyo Ghoul”. Please find this room here:

Task is to find the user and root’s flag and along the way answer the questions asked. So let’s Help kaneki escape jason room and start enumeration process using NMAP.



# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p-

$ sudo nmap -sS -Pn -T4 -p-
21/tcp open ftp
22/tcp open ssh
80/tcp open http

# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p21,22,80

$ sudo nmap -O -A -Pn -T4 -p21,22,80

21/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_drwxr-xr-x 3 ftp ftp 4096 Jan 23 22:26 need_Help?
| ftp-syst:
| FTP server status:
| Connected to ::ffff:
| Logged in as ftp
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 1
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 fa:9e:38:d3:95:df:55:ea:14:c9:49:d8:0a:61:db:5e (RSA)
| 256 ad:b7:a7:5e:36:cb:32:a0:90:90:8e:0b:98:30:8a:97 (ECDSA)
|_ 256 a2:a2:c8:14:96:c5:20:68:85:e5:41:d0:aa:53:8b:bd (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Welcome To Tokyo goul

From the scan results we can answer the question asked in first section.

HTTP Port 80

Checking Web Port 80 using a browser, found the following text in the Web Page’s source of the link on the main page(Can you help him escape?)

<!-- look don't tell jason but we will help you escape , here is some clothes to look like us and a mask to look anonymous and go to the ftp room…

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204