Skip to content

a-bonfim-tech/thm-guided-pentest-web

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

TryHackMe — Guided Pentest: Web

This repository documents an authorized web application penetration testing lab completed on the TryHackMe platform.

The project follows the room Guided Pentest: Web and documents the complete assessment workflow, including reconnaissance, enumeration, access-control testing, authentication weakness analysis, administrative access validation, remote code execution, attack-chain analysis, evidence collection, and technical reporting.

Scope

This work was performed exclusively inside the TryHackMe training environment.

No testing was conducted against third-party systems, public targets, or real organizations.

Lab Information

Item Description
Platform TryHackMe
Room Guided Pentest: Web
Target Application RecruitX
Assessment Type Guided Web Application Penetration Test
Environment Authorized Training Lab

Objectives

  • Document a complete web application penetration testing workflow
  • Collect and organize technical evidence
  • Demonstrate structured vulnerability analysis
  • Map vulnerabilities to business and technical risk
  • Produce portfolio-ready cybersecurity documentation
  • Practice professional GitHub repository organization

Methodology

The assessment followed a structured workflow inspired by:

  • OWASP Web Security Testing Guide (WSTG)
  • OWASP Top 10
  • PTES (Penetration Testing Execution Standard)
  • NIST Cybersecurity Framework 2.0

Room Tasks

Task Topic Documentation
01 Introduction docs/tasks/task-01-introduction.md
02 Reconnaissance and Enumeration docs/tasks/task-02-reconnaissance-enumeration.md
03 IDOR docs/tasks/task-03-idor.md
04 Weak Password Reset docs/tasks/task-04-weak-password-reset.md
05 Admin Panel Access docs/tasks/task-05-admin-panel-access.md
06 Remote Code Execution docs/tasks/task-06-remote-code-execution.md
07 The Attack Chain docs/tasks/task-07-attack-chain.md
08 Conclusion docs/tasks/task-08-conclusion.md

Vulnerability Areas Covered

  • Service Enumeration
  • Web Application Mapping
  • HTTP Header Analysis
  • Directory Enumeration
  • API Discovery
  • Insecure Direct Object Reference (IDOR)
  • Weak Password Reset Logic
  • User Enumeration
  • Administrative Access Weaknesses
  • Remote Code Execution (RCE)
  • Vulnerability Chaining

Tools Used

  • TryHackMe AttackBox
  • Linux Terminal
  • Nmap
  • Curl
  • Gobuster
  • Web Browser
  • Git
  • GitHub

Evidence Structure

Evidence screenshots are stored in:

screenshots/

Naming convention examples:

03-task-02-01-port-scanning.png
04-task-03-01-idor-discovery.png
06-task-05-05-admin-panel-access.png
07-task-06-04-command-execution-validation.png

Repository Structure

.
├── archive/
├── docs/
│   └── tasks/
├── evidence/
│   └── 00-environment/
└── screenshots/

Evidence Summary

Task 01 — Introduction

  • Lab overview
  • Environment familiarization

Task 02 — Reconnaissance and Enumeration

  • Port scanning
  • Service analysis
  • HTTP header inspection
  • Directory enumeration
  • API discovery

Task 03 — IDOR

  • Profile identifier discovery
  • Unauthorized profile access
  • Session analysis
  • API enumeration

Task 04 — Weak Password Reset

  • Password recovery workflow analysis
  • Reset request analysis
  • Weak reset logic validation
  • Unauthorized account access validation

Task 05 — Admin Panel Access

  • Administrative endpoint discovery
  • User enumeration
  • Administrative account identification
  • Access validation

Task 06 — Remote Code Execution

  • Input handling analysis
  • Payload validation
  • Command execution validation

Task 07 — The Attack Chain

  • Multi-stage attack path analysis
  • Vulnerability chaining demonstration

Task 08 — Conclusion

  • Assessment review
  • Lessons learned

Skills Demonstrated

  • Reconnaissance
  • Enumeration
  • Web Application Assessment
  • Access Control Testing
  • Authentication Testing
  • API Security Analysis
  • Vulnerability Validation
  • Attack Chain Analysis
  • Technical Documentation
  • Evidence Collection
  • Security Reporting
  • Git and GitHub Portfolio Management

Key Security Concepts

  • Broken Access Control
  • Authentication Weaknesses
  • Authorization Failures
  • User Enumeration
  • Administrative Exposure
  • Remote Code Execution
  • Defense in Depth
  • Attack Surface Analysis

Ethical and Legal Notice

This repository documents activities performed exclusively within an authorized cybersecurity training environment provided by TryHackMe.

No testing was performed against real organizations, production systems, or third-party infrastructure.

This repository intentionally excludes sensitive material such as active credentials, session tokens, secrets, flags, or information that could enable unauthorized access.

See SECURITY.md for the safe reporting policy and handling process for sensitive material.

Portfolio Value

This project demonstrates practical experience in:

  • Web Application Security
  • Penetration Testing Methodology
  • Vulnerability Assessment
  • Security Documentation
  • Git-Based Evidence Management
  • Professional Reporting

Status

Completed Successfully.

License and Third-Party Notice

Original documentation and analysis in this repository are licensed under the Creative Commons Attribution 4.0 International Public License. See LICENSE.

Third-party platform content, trademarks, room material, screenshots, and interfaces are not relicensed by this repository. See NOTICE.md.

About

Authorized TryHackMe web pentest case study with OWASP/PTES methodology, evidence handling, vulnerability chain analysis, and professional report structure.

Topics

Resources

License

Security policy

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors