BOLT - A hero is unleashed [THM] Walkthrough.


Ok, so here is my Walkthrough on the room of TryHackMe known as Bolt.

It is a CMS based machine having Remote Code Execution and its beginner-friendly box. Come let's Do This Together.


First things first, find your machine in Tryhackme named Bolt - A hero unleashed.


Connect to your Tryhackme VPN server using your configuration file (<username>.ovpn) and here is the reference command in case you need it.

	root@root:#openvpn <username>.ovpn


Also, deploy your machine from task 1 on the room and get the IP address.


Information gathering:

Take this <ip> to do some Nmap scan to find what ports are open there.

	root@root:#nmap -A  <ip>

OK, so three ports are open :

22-SSH(OpenSSH)   |   80 (HTTP-Apache)    |   8000 (HTTP-PHP 7.2.32-1)


As port 80 is there so I tried to open it into web browser <ip>:80

Ahhh.. nothing interesting just default page of Ubuntu Apache 2 server

Then as port 8000 is also having HTTP service so I tried port 8000 <ip>:8000

And got this Bolt CMS page.

Ahha! a blue screen but not of Death(BOD) instead of a hit.