This repository documents an authorized web application penetration testing lab completed on the TryHackMe platform.
The project follows the room Guided Pentest: Web and documents the complete assessment workflow, including reconnaissance, enumeration, access-control testing, authentication weakness analysis, administrative access validation, remote code execution, attack-chain analysis, evidence collection, and technical reporting.
This work was performed exclusively inside the TryHackMe training environment.
No testing was conducted against third-party systems, public targets, or real organizations.
| Item | Description |
|---|---|
| Platform | TryHackMe |
| Room | Guided Pentest: Web |
| Target Application | RecruitX |
| Assessment Type | Guided Web Application Penetration Test |
| Environment | Authorized Training Lab |
- Document a complete web application penetration testing workflow
- Collect and organize technical evidence
- Demonstrate structured vulnerability analysis
- Map vulnerabilities to business and technical risk
- Produce portfolio-ready cybersecurity documentation
- Practice professional GitHub repository organization
The assessment followed a structured workflow inspired by:
- OWASP Web Security Testing Guide (WSTG)
- OWASP Top 10
- PTES (Penetration Testing Execution Standard)
- NIST Cybersecurity Framework 2.0
| Task | Topic | Documentation |
|---|---|---|
| 01 | Introduction | docs/tasks/task-01-introduction.md |
| 02 | Reconnaissance and Enumeration | docs/tasks/task-02-reconnaissance-enumeration.md |
| 03 | IDOR | docs/tasks/task-03-idor.md |
| 04 | Weak Password Reset | docs/tasks/task-04-weak-password-reset.md |
| 05 | Admin Panel Access | docs/tasks/task-05-admin-panel-access.md |
| 06 | Remote Code Execution | docs/tasks/task-06-remote-code-execution.md |
| 07 | The Attack Chain | docs/tasks/task-07-attack-chain.md |
| 08 | Conclusion | docs/tasks/task-08-conclusion.md |
- Service Enumeration
- Web Application Mapping
- HTTP Header Analysis
- Directory Enumeration
- API Discovery
- Insecure Direct Object Reference (IDOR)
- Weak Password Reset Logic
- User Enumeration
- Administrative Access Weaknesses
- Remote Code Execution (RCE)
- Vulnerability Chaining
- TryHackMe AttackBox
- Linux Terminal
- Nmap
- Curl
- Gobuster
- Web Browser
- Git
- GitHub
Evidence screenshots are stored in:
screenshots/
Naming convention examples:
03-task-02-01-port-scanning.png
04-task-03-01-idor-discovery.png
06-task-05-05-admin-panel-access.png
07-task-06-04-command-execution-validation.png
.
├── archive/
├── docs/
│ └── tasks/
├── evidence/
│ └── 00-environment/
└── screenshots/
- Lab overview
- Environment familiarization
- Port scanning
- Service analysis
- HTTP header inspection
- Directory enumeration
- API discovery
- Profile identifier discovery
- Unauthorized profile access
- Session analysis
- API enumeration
- Password recovery workflow analysis
- Reset request analysis
- Weak reset logic validation
- Unauthorized account access validation
- Administrative endpoint discovery
- User enumeration
- Administrative account identification
- Access validation
- Input handling analysis
- Payload validation
- Command execution validation
- Multi-stage attack path analysis
- Vulnerability chaining demonstration
- Assessment review
- Lessons learned
- Reconnaissance
- Enumeration
- Web Application Assessment
- Access Control Testing
- Authentication Testing
- API Security Analysis
- Vulnerability Validation
- Attack Chain Analysis
- Technical Documentation
- Evidence Collection
- Security Reporting
- Git and GitHub Portfolio Management
- Broken Access Control
- Authentication Weaknesses
- Authorization Failures
- User Enumeration
- Administrative Exposure
- Remote Code Execution
- Defense in Depth
- Attack Surface Analysis
This repository documents activities performed exclusively within an authorized cybersecurity training environment provided by TryHackMe.
No testing was performed against real organizations, production systems, or third-party infrastructure.
This repository intentionally excludes sensitive material such as active credentials, session tokens, secrets, flags, or information that could enable unauthorized access.
See SECURITY.md for the safe reporting policy and handling process for sensitive material.
This project demonstrates practical experience in:
- Web Application Security
- Penetration Testing Methodology
- Vulnerability Assessment
- Security Documentation
- Git-Based Evidence Management
- Professional Reporting
Completed Successfully.
Original documentation and analysis in this repository are licensed under the Creative Commons Attribution 4.0 International Public License. See LICENSE.
Third-party platform content, trademarks, room material, screenshots, and interfaces are not relicensed by this repository. See NOTICE.md.