THM - Sequence
A writeup for “Sequence” on TryHackMe
Chain multiple vulnerabilities to take control of a system.
The room involves exploiting XSS vulnerabilities in a web application and escaping Docker in order to obtain root access on a vulnerable system.
Footprinting
We can start by doing a scan with nmap.
nmap -sS -p- MACHINE_IP
nmap -A -p 80 MACHINE_IP

There are only two open ports: SSH on port 22 and the website on port 80.
Before proceeding, it is better to add the domain indicated in the room description to our hosts file (writing to /etc/hosts requires root privileges).

echo MACHINE_IP review.thm >> /etc/hosts

If we visit the website on port 80, we can see that there are only two options: logging in or sending feedback.
