💘 Romance & Co – Corp Website TryHackMe Walkthrough


🧩 Room Details

  • Platform: TryHackMe

  • Room Name: Corp Website (Romance & Co)

  • Category: Web

  • Difficulty: Medium

  • Target: http://MACHINE_IP:3000 (web application on port 3000)


📖 Scenario Overview

Valentine’s Day is approaching, and Romance & Co is preparing for peak business season.

But behind the scenes:

  • Security alerts are triggered

  • Logs are incomplete

  • Developers deny responsibility

  • Shareholders demand answers

Your task as a security analyst is to:

  • Retrace the attacker’s steps

  • Identify how the compromise occurred

  • Capture both user and root flags


🎯 Objectives

  1. Identify the initial web vulnerability

  2. Exploit the flaw to gain user access

  3. Escalate privileges

  4. Capture:

    • ✅ User flag

    • ✅ Root flag


🔎 Initial Enumeration

After launching the machine and browsing to:

http://MACHINE_IP:3000

the application presents as a modern web stack, likely built on a JavaScript framework (as the user flag later hints).

Basic enumeration techniques:

  • View page source

  • Inspect JavaScript files

  • Check for exposed API endpoints

  • Test for input validation weaknesses

  • Scan for hidden routes


⚠ Stage 1 – Web Exploitation (Initial Access)

The vulnerability involved improper handling of user-controlled input within the web application.

Indicators suggested:

  • Weak backend validation

  • Potential command execution

  • Framework-specific misconfiguration

The exploitation ultimately led to remote code execution and a shell as a low-privileged user.


🏁 User Flag

After gaining shell access and navigating through the system, the user flag was located.

THM{R34c7_2_5h311_3xpl017}

🔍 What This Suggests

The flag hints at:

  • A React-based front end

  • A shell exploitation method

  • Web-to-system compromise path


⚡ Stage 2 – Privilege Escalation

With user-level access obtained, the next step was privilege escalation.

Standard enumeration techniques include:

  • Checking sudo permissions

  • Searching for SUID binaries

  • Inspecting cron jobs

  • Reviewing writable files

  • Checking misconfigured services

A privilege escalation vector was identified and exploited successfully, granting root access.


🏁 Root Flag

THM{Pr1v_35c_47_175_f1n357}

This confirms full system compromise.


📚 Key Learning Points

  • Modern web frameworks can still contain critical misconfigurations.

  • Initial access often comes from simple input validation flaws.

  • Always enumerate thoroughly after gaining shell access.

  • Privilege escalation is frequently due to overlooked system misconfigurations.

  • Web exploitation and Linux privilege escalation often go hand in hand.


🛡 Defensive Recommendations

For development teams:

  • Validate and sanitize all user input.

  • Disable unnecessary backend functionality.

  • Avoid exposing internal API routes.

  • Follow least-privilege principles.

  • Regularly audit SUID files and sudo permissions.

  • Conduct penetration testing before production deployment.


💡 Why This Room Is Valuable

This challenge teaches:

  • Web application exploitation

  • Remote shell access techniques

  • Privilege escalation fundamentals

  • Real-world breach investigation mindset

It’s ideal practice for:

  • Aspiring penetration testers

  • Blue team analysts

  • Cybersecurity students

  • Bug bounty hunters
