Skip to content

Valikahn/TryHackMe-Web-Application-Red-Teaming

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 

Repository files navigation

Web Application Red Teaming Writeups PathwayCompleted

Banner license Writeups Buy Me a Coffee GitHub User's stars Discord

This repository contains my personal TryHackMe writeups, study notes and walkthroughs from the TryHackMe Web Application Red Teaming learning path.

The purpose of this repository is to document my methodology, commands, observations, mistakes, exploitation chains and lessons learned while working through advanced web application red teaming rooms. These notes are intended for revision, portfolio building, technical reference and continuous improvement.

About This Repository

Each writeup is based on work completed within an authorised TryHackMe training environment. The rooms and systems covered are intentionally designed for cyber security education, practical exploitation and controlled experimentation.

Where relevant, the writeups may include IP addresses assigned during a lab session. Testing is performed using the TryHackMe AttackBox or a personal Kali Linux virtual machine connected to the TryHackMe network through OpenVPN.

PLEASE NOTE: This repository focuses on the Web Application Red Teaming path. The writeups may involve advanced exploitation concepts, including cryptographic weaknesses, custom tooling, vulnerability chaining, web application firewall bypass techniques and attacks against LLM-enabled applications.

The format of each entry will vary according to the room, objective and level of complexity. Some rooms may focus on a single technique, while others may require several weaknesses to be chained together into a full exploitation path.

Important

This repository will NEVER contain material taken from TryHackMe professional certification examinations or other restricted assessments. It will NOT* provide any flags, passwords, cracked credentials or confidential material that will slow the rate of learning.

If you are looking for any assistance, answers, guides, specific walkthroughs you will NOT find any of those here, help/assistance is limited, but available via the TryHackMe Discord.

What a Writeup May Include

Depending on the room, module and learning objective, a writeup may contain:

  • Room and module overview;
  • Learning objectives;
  • Environment and tooling notes;
  • Target and attacker IP details where relevant;
  • Enumeration and reconnaissance steps;
  • Web application mapping;
  • Request and response analysis;
  • Vulnerability identification and validation;
  • Cryptographic weakness analysis;
  • Custom tooling or automation logic;
  • Exploitation chain development;
  • WAF bypass methodology;
  • LLM attack surface analysis;
  • Initial access methodology where applicable;
  • Shell handling or session management where applicable;
  • Commands and selected sanitised output;
  • Mistakes, troubleshooting and alternative approaches;
  • Key findings and lessons learned;
  • Defensive recommendations or remediation notes; and
  • References and supporting documentation.

Writeups are intended to explain the methodology and decision-making process rather than provide a simple answer list.

Learning Path

Learning Path: Web Application Red Teaming

This path focuses on taking web application pentesting beyond vulnerability discovery and into practical exploitation. It covers complex vulnerability chains and shows how individual weaknesses can be combined to demonstrate meaningful impact in a controlled red team-style environment.

The path currently includes:

Section Focus Area
Cryptographic Failures Understanding and exploiting weaknesses in cryptographic implementation.
Custom Tooling Building or adapting tools to automate exploitation workflows.
Chaining Vulnerabilities Combining multiple issues to achieve a larger objective.
Bypassing WAF Understanding web application firewall behaviour and bypass techniques.
Attacking LLMs Exploring prompt injection, insecure output handling, privacy risks and model-related abuse cases.

The learning path is designed to strengthen practical exploitation methodology, technical reasoning and the ability to show the real impact of discovered vulnerabilities.

Published Writeups

No. Section Challenge Difficulty Status
1 Custom Tooling CAPTCHApocalypse Medium Planned
2 Chaining Vulnerabilities Extract Hard Planned
3 Chaining Vulnerabilities Voyage Medium Planned
4 Chaining Vulnerabilities Sequence Medium Planned
5 Bypassing WAF Padelify Medium Planned
6 Bypassing WAF Farewell Medium Planned
7 Attacking LLMs Juicy Medium Planned
8 Attacking LLMs BankGPT Easy Planned
9 Attacking LLMs HealthGPT Easy Planned

Status Key

Status Meaning
Planned The room has been selected but documentation has not started.
In Progress The room is currently being completed and documented.
Complete The writeup has been published.
Archived The room or writeup is no longer actively maintained.
Host Error A lab or room issue has been encountered and reported.

Tools Commonly Used

The tools used will vary by room, objective and target behaviour. The following list is representative rather than exhaustive.

Reconnaissance and Enumeration Web and Application Testing Exploitation and Access Custom Tooling and Automation
Nmap Burp Suite Metasploit Framework Python
RustScan OWASP ZAP Netcat Requests
Gobuster ffuf Hydra Beautiful Soup
Feroxbuster SQLmap PayloadsAllTheThings Playwright
WhatWeb Postman GTFOBins Selenium
Nikto Browser Developer Tools CyberChef Bash scripting
Cryptography and Encoding WAF and Filtering Analysis LLM Security Testing Supporting References
OpenSSL Burp Suite Repeater Manual prompt testing OWASP Web Security Testing Guide
Hashcat Burp Suite Intruder Input and output handling review OWASP Top 10
John the Ripper Encoding and case manipulation Data leakage testing OWASP API Security Top 10
CyberChef Payload mutation Indirect prompt injection review OWASP Top 10 for LLM Applications
hashpump Header and parameter tampering Model behaviour analysis PortSwigger Web Security Academy

Methodology

My general workflow is:

  1. Review the room objectives and identify any prerequisite knowledge.
  2. Prepare the lab environment and record the relevant connection details.
  3. Confirm the target scope before running active testing.
  4. Map the application, endpoints, parameters, authentication flow and observable controls.
  5. Capture baseline requests and responses before making changes.
  6. Identify possible weaknesses and validate them carefully.
  7. Build a repeatable exploitation path rather than relying on one-off behaviour.
  8. Chain vulnerabilities only within the authorised lab scope.
  9. Record commands, observations, failed approaches and important output.
  10. Redact flags, answers, credentials, hashes, tokens and other restricted material.
  11. Explain why each successful technique worked rather than listing commands without context.
  12. Record lessons learned and link the activity to wider cyber security practice.
  13. Add defensive recommendations or remediation notes where appropriate.
  14. Review the finished writeup for accuracy, clarity and compliance with TryHackMe rules.

The emphasis is on repeatable methodology, clear reasoning and controlled exploitation. Finding the bug is useful; proving the impact safely is where the learning lands properly.

Content and Spoiler Policy

These notes may contain spoilers, command output, vulnerability details and complete attack or investigation paths. Anyone actively completing a room should attempt it independently before reading the associated writeup.

This repository will not intentionally publish:

  • TryHackMe flags or answer strings;
  • passwords or cracked credentials;
  • reusable session tokens;
  • private keys or sensitive certificates;
  • certification examination content;
  • copied room instructions or substantial portions of TryHackMe material;
  • exploit material aimed at real-world unauthorised targets; or
  • material that TryHackMe or a room author has asked learners not to share.

Where a value is necessary to explain the methodology, it will be represented using a placeholder such as <TARGET_IP>, <USERNAME>, <EMAIL_ADDRESS>, <SESSION_VALUE_REDACTED> or <REDACTED>.

If restricted or sensitive information is included accidentally, please report it through the repository's GitHub Discussions or Issues area so it can be reviewed and removed.

Ethical Use Disclaimer

These writeups are for educational purposes only and are based on authorised TryHackMe lab environments.

All tools, commands, techniques, and methodologies referenced in these writeups were used within controlled training environments where permission was provided by the owner and/or operator of the lab platform. The systems discussed are intentionally vulnerable machines designed for cybersecurity learning, practice, and assessment.

Do not use these techniques, tools, or methods against systems, networks, applications, or services that you do not own or do not have explicit written permission to test. Unauthorised access, scanning, exploitation, or disruption of systems is illegal and unethical.

The tools and methods listed in this repository are examples of approaches used during specific rooms or learning exercises. They are not the only possible solutions, and other tools, techniques, or workflows may be used depending on the target environment, room design, and individual methodology.

Accuracy and Maintenance

TryHackMe periodically updates, replaces or retires rooms and learning paths. Links, room sequences and path content may therefore change after a writeup is published.

Each writeup should be treated as a record of the room as it appeared on the date documented. Where a material change is identified, the relevant page may be updated or marked as archived.

If you notice a broken link, outdated instruction, formatting problem, technical error or any other noticeable issue within a writeup, please report it through the repository's Issues tab. When raising an issue, include the name of the affected writeup, a brief description of the problem and, where possible, the relevant section or line.

Constructive corrections are welcome and help keep the repository accurate, useful and maintainable.

Connect With Me

Thanks for checking out my TryHackMe writeups. These notes form part of my ongoing cybersecurity learning journey, where I document rooms, techniques, tools, mistakes and lessons learned while working through different challenges.

You can view my TryHackMe profile here:

TryHackMe Profile - V4L1K4HN

I am also active within cybersecurity learning communities, including Discord, where I discuss labs, tools, methodologies and general security topics with other learners and practitioners.

Feel free to follow my progress, compare approaches or get in touch if you are working through similar rooms.

Walkthrough requests are always welcome, although publication will depend on my availability and whether sharing the content complies with the platform's rules.

Created by V4L1K4HN as part of my cybersecurity learning journey through TryHackMe.

License

Unless otherwise stated, the original written content in this repository is licensed under the Creative Commons Attribution 4.0 International License.

Copyright © 2026 V4L1K4HN.

You may share and adapt the licensed material for any purpose, including commercially, provided that:

  • appropriate credit is given to V4L1K4HN;
  • a link to the license is provided; and
  • any changes made to the original material are clearly indicated.

This license applies only to original material created by the repository author. TryHackMe content, branding, room materials, third-party software, trademarks, externally sourced material, and any other third-party intellectual property remain subject to their respective owners' terms and licenses.

See the LICENSE file for the complete legal terms.


"Buy Me A Coffee"

Powered on ☕ made with ❤️ by V4L1K4HN
⭐ If this project is useful, consider starring it on GitHub.

About

Personal TryHackMe write-ups, notes and methodologies covering advanced web application exploitation, custom tooling, cryptographic attacks, vulnerability chaining and WAF bypass techniques.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors