Wreath
Premium roomLearn how to pivot through a network by compromising a public facing web machine and tunnelling your traffic to access other machines in Wreath's network.
easy
480 min
12,995
To access material, start machines and answer questions login.
Press 'Start' to begin
Wreath is designed as a learning resource for beginners with a primary focus on:
- Pivoting
- Working with the Empire (Command and Control) framework
- Simple Anti-Virus evasion techniques
The following topics will also be covered, albeit more briefly:
- Code Analysis (Python and )
- Locating and modifying public exploits
- Simple webapp enumeration and exploitation
- Repository Analysis
- Simple Windows Post-Exploitation techniques
- Administration (CentOS and Windows)
- Cross-Compilation techniques
- Coding wrapper programs
- Simple exfiltration techniques
- Formatting a pentest report
These will be taught in the course of exploiting the Wreath network.
This is designed as almost a environment to follow along with the teaching content; the focus will be on the above teaching points, rather than on initial access and privilege escalation exploits (contrary to other boxes on the platform where the focus is on the challenge).
Tools:
A zipfile containing the tools demonstrated throughout this room is attached to this task. That said, whilst these will work, it would be advisable to download the latest versions of the tools (as instructed by the tasks) during your progression through the content, rather than relying on the provided archive. The password for this zipfile is: WreathNetwork.
Videos:
@DarkStar7471 (opens in new tab) has kindly created a series of videos to accompany the teaching content in the Wreath network. Please use these as your first line of support! Writeups in the form of pentest reports will also be made available.
The videos can be accessed directly from Dark's YouTube channel (opens in new tab); however, each task in this room also contains a link to the relevant video.
Look for the "Play" button at the very bottom right of the screen:
This will update on a task-by-task basis so that it always points to the correct video.
Prerequisites:
This network is designed for beginners, but assumes basic competence in the Linux command line and fundamental hacking methodology. The ability to read and write a little code will also be useful. Any other required knowledge will be linked throughout the tasks. If you need help, please feel free to ask in the TryHackMe Discord (opens in new tab) -- there is a channel set up for this purpose in the help section there.
Conduct:
As this network is shared amongst a number of people, it goes without saying: please don't mess things up for others in the network. There are no password changes required in any of these tasks, and no files need deleted. At various stages in this network it will be necessary to upload files and tools to the remote box. Please upload these in the format: toolname-username (e.g. socat-MuirlandOracle, shell-MuirlandOracle.aspx, etc) to avoid overwriting work belonging to anyone else. In short, don't be a troll, be respectful, and have fun!
With that being said: let's get started!
Ready to learn Cyber Security?
The Wreath room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in