
THM - Hammer

4 min read · Apr 5, 2025

A writeup for the room Hammer on TryHackMe

Use your exploitation skills to bypass authentication mechanisms on a website and get RCE.

https://tryhackme.com/room/hammer

Footprinting

We can start with an nmap SYN scan of all 65535 TCP ports.

nmap -sS -p- MACHINE_IP

We found two open ports: 22 and 1337.
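From the defender's side, the useful follow-up to a full port scan is to compare what is actually listening against what the host is supposed to expose, so an unexpected service such as the one on 1337 stands out immediately. The script below is an added example, not part of the original writeup: it parses nmap's grepable (-oG) output and reports ports missing from a per-host allowlist. The scan output, the host address 10.10.10.10 and the allowlist are constructed for the example.

```python
"""Flag open ports that are not on a host's approved-port baseline.

Added example (not from the writeup). Input is nmap grepable output (-oG);
the sample below is constructed to mirror the page's result: 22 and 1337 open.
"""
import re

# Constructed sample of `nmap -sS -p- -oG scan.gnmap 10.10.10.10` output.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sS -p- -oG scan.gnmap 10.10.10.10
Host: 10.10.10.10 ()\tStatus: Up
Host: 10.10.10.10 ()\tPorts: 22/open/tcp//ssh///, 1337/open/tcp//waste///\tIgnored State: closed (65533)
# Nmap done
"""

# Ports each host is approved to expose (constructed baseline): only SSH here.
EXPECTED_PORTS = {"10.10.10.10": {22}}

# Matches the "<port>/open/<proto>" prefix of each entry in the Ports: field.
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)")


def parse_open_ports(gnmap_text):
    """Return {host: {open port, ...}} from grepable nmap output."""
    result = {}
    for line in gnmap_text.splitlines():
        # Only "Host:" lines that carry a "Ports:" field list open ports.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1]
        open_ports = {int(port) for port, _proto in PORT_RE.findall(ports_field)}
        result.setdefault(host, set()).update(open_ports)
    return result


def unexpected_ports(scan, baseline):
    """Return {host: [ports]} for open ports absent from the host's baseline."""
    findings = {}
    for host, ports in scan.items():
        extra = ports - baseline.get(host, set())
        if extra:
            findings[host] = sorted(extra)
    return findings


if __name__ == "__main__":
    scan = parse_open_ports(SAMPLE_GNMAP)
    for host, extra in unexpected_ports(scan, EXPECTED_PORTS).items():
        print(f"{host}: unexpected open ports {extra}")
```

Run against a real scan with `python3 check_ports.py < scan.gnmap` after swapping the constant for `sys.stdin.read()`; a host that appears in the scan but not in the baseline has every open port reported, which is the conservative choice.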

On port 1337 we can only see a login page.

What is the flag value after logging in to the dashboard?

Searching for a possible user

Looking at the source code of the login page, we can see a comment about the directory naming convention.

We can run a directory scan with ffuf, prepending hmr_ to every wordlist entry via the FUZZ keyword.

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
-u http://MACHINE_IP:1337/hmr_FUZZ

We found the logs folder, which looks interesting.
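A wordlist run like the one above is noisy on the server side: one client produces a burst of 404s whose paths all share the guessed prefix. The script below is an added example, not part of the original writeup, showing how that pattern can be picked out of a combined-format access log. The log lines, client addresses and thresholds are constructed for the example; the ffuf default User-Agent string is included in them only as extra context, since any client can change it and the detection does not rely on it.

```python
"""Detect directory brute-forcing bursts in Apache/nginx combined access logs.

Added example (not from the writeup). The log below is a constructed sample:
10.0.0.9 is fuzzing hmr_-prefixed paths, 10.0.0.5 is a normal browser.
"""
import re
from collections import defaultdict
from datetime import datetime
from os.path import commonprefix

# Combined log format: ip ident user [ts] "method path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

SAMPLE_LOG = """\
10.0.0.5 - - [05/Apr/2025:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [05/Apr/2025:10:00:01 +0000] "GET /hmr_images HTTP/1.1" 404 196 "-" "Fuzz Faster U Fool v2.1.0"
10.0.0.9 - - [05/Apr/2025:10:00:01 +0000] "GET /hmr_download HTTP/1.1" 404 196 "-" "Fuzz Faster U Fool v2.1.0"
10.0.0.9 - - [05/Apr/2025:10:00:02 +0000] "GET /hmr_2006 HTTP/1.1" 404 196 "-" "Fuzz Faster U Fool v2.1.0"
10.0.0.9 - - [05/Apr/2025:10:00:02 +0000] "GET /hmr_news HTTP/1.1" 404 196 "-" "Fuzz Faster U Fool v2.1.0"
10.0.0.5 - - [05/Apr/2025:10:00:03 +0000] "POST /index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [05/Apr/2025:10:00:03 +0000] "GET /hmr_crack HTTP/1.1" 404 196 "-" "Fuzz Faster U Fool v2.1.0"
10.0.0.9 - - [05/Apr/2025:10:00:03 +0000] "GET /hmr_logs HTTP/1.1" 301 0 "-" "Fuzz Faster U Fool v2.1.0"
10.0.0.9 - - [05/Apr/2025:10:00:04 +0000] "GET /hmr_serial HTTP/1.1" 404 196 "-" "Fuzz Faster U Fool v2.1.0"
10.0.0.5 - - [05/Apr/2025:10:00:09 +0000] "GET /missing.css HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry["status"] = int(entry["status"])
        entries.append(entry)
    return entries


def detect_bruteforce(entries, window_seconds=10, threshold=5):
    """Flag clients that hit `threshold` 404s inside any `window_seconds` window.

    Returns {ip: {"count": total 404s, "prefix": shared path prefix, "agents": [...]}}.
    The shared prefix is what tells you which naming convention was guessed.
    """
    misses_by_ip = defaultdict(list)
    for entry in entries:
        if entry["status"] == 404:
            misses_by_ip[entry["ip"]].append(entry)

    findings = {}
    for ip, misses in misses_by_ip.items():
        misses.sort(key=lambda e: e["ts"])
        start = 0  # left edge of the sliding window
        for end, current in enumerate(misses):
            while (current["ts"] - misses[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                paths = [e["path"] for e in misses]
                findings[ip] = {
                    "count": len(misses),
                    "prefix": commonprefix(paths),
                    "agents": sorted({e["ua"] for e in misses}),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} misses, guessed prefix {info['prefix']!r}, agents {info['agents']}")
```

The single 404 from the browser client falls well under the threshold, while the fuzzing client is flagged as soon as five misses land inside ten seconds; the reported prefix "/hmr_" is exactly the convention the login page's HTML comment gave away, which is the finding to fix on the application side.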


Written by Francesco Pastore

An engineering student in Milan and a web developer for an IT company. Writes about programming and cybersecurity topics.
