Inclusion (Tryhackme) Room Writeup By Jonty Bhardwaj

Hello Reader, I am Jonty Bhardwaj currently enrolled in Master Certificate in Cyber Security HackerU program. Today I am here to share a writeup on a Tryhackme machine called Inclusion.

Now first of all we will navigate to the Room URL and join it.

After starting the Machine we will first connect through Open VPN and ping the machine through the IP we are given to see if the connection is established. After we are successful in pinging the machine, we will start the fun part which is Pentesting and getting root privilege.


Now first we will start a Nmap scan to see what are the ports and services open on the machine.

nmap -sV -sT -t4

Now we can see that 2 ports are open and the most promising port we can gather info looks to be port 80. Lets see what's on the website there.

We go to the main website and found no info of use . So we have to use gobuster to see additional hidden directories and see if we can gather some info from.

gobuster dir -u -w /usr/share/dirbuster/wordlist/directory-list-2.3-medium.txt -t 100

From above gobuster search we found only 1 webpage


Lets navigate to webpage and see what information we can gather

We didn’t get anything important here but as directed in the lab we need to find LFI parameters . So lets search them.

When we open the hacking article on the main website , in the url we can see the parameters being displayed. We have found the LFI vulnerability.


Seeing this we know that hacking is the parameter and we can change the parameter to search for files.

After searching with trail and error we finally found the correct parameter to display critical information


Here we found the passwd file and can see that there is a user credential

Username : falconfeast

Password : rootpassword

As we have ssh port open in the machine we can login into the user and then try to escalate our privilege from there to root.

ssh falconfeast@

As you see we have successfully logged in the user. Now lets search for our first flag then we will escalate our privilege to root.

cat /home/falconfeast/user.txt

As you can tell here We have successfully found our first flag in the main directory of user falconfeast itself. Now lets try to search some more vulnerabilities to escalate our privilege to root.

Lets see which sudo permissions this user has

sudo -l

And here we go , we have found our vulnerable program named socat through which we can gain root. Lets search GTFO bins and find out how to exploit this .

On GTFO we successfully found the command to exploit this vulnerability .

sudo socat stdin exec:/bin/sh

cat /root/root.txt

Here we have successfully escalated to root shell after using the exploit command and found the root flag in the root folder.

Proof of Completion

Congratulations on completing the room and reading the blog . Hope my blog helped you in your journey and made you learn something new .

Happy Hacking !!




Avid learner and writer trying to gain as much knowledge as possible in the domain of cyber security while sharing my learning to help other people like myself.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

filecrypt — OpenSSL-based file encryption, release 0.7.2

{UPDATE} Sound Storm Hack Free Resources Generator

EPNS Deep Dive

Time Raiders IDO Allocations + Details

BuiltWith — technology profiler

Free Web Search Chatbot 🤖

PATCH Act Calls for VEP Review Board

Tulips Farm v2.0 is here!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jonty Bhardwaj

Jonty Bhardwaj

Avid learner and writer trying to gain as much knowledge as possible in the domain of cyber security while sharing my learning to help other people like myself.

More from Medium

TryHackMe GamingServer Walkthrough

TryHackMe CVE-2021–41773/42013 Write-up SMN666

Simple CTF TryHackMe Writeup

Vulnhub: basic pentesting 1 (Walkthrough)