This is my write-up for the TryHackMe room on Guided Pentest: Infrastructure. Written in 2026, I hope this write-up helps others learn and practice cybersecurity.

Task 1: Introduction

This section introduces the core methodology of infrastructure penetration testing: enumeration, vulnerability analysis, initial access, privilege escalation, and reporting. It emphasizes the importance of adopting an a[t]tacker's mindset to successfully identify system weaknesses.

No question provided.

No answer needed

Task 2: Enumeration

Enumeration is the crucial first step to discover open ports and services on a target. This task demonstrates using Nmap with specific f[l]ags (-sV, -sC, -oN) to map out the target's a[t]tack surface and gather essential service versions.

What port other than 22 is open on the target host?

Figure 1: Nmap scan results revealing additional open ports.

6667

Task 3: Vulnerability Analysis

This phase involves researching the discovered services to identify potential misconfigurations or known security flaws. It introduces using search engines and command-line tools like s[e]archsploit to query the Exploit-DB offline database for viable scripts.

Use searchsploit to find an exploit for your target UnrealIRC version. What is the path value for the Remote Downloader/Execute script?

Note: I transitioned to a Kali Linux attack machine due to technical issues with the previous environment.

Figure 2: Initial broad search for UnrealIRC scripts.

The initial search was too broad; therefore, I refined the query to specifically target unrealirc [dot] d to locate the relevant execution script.

Figure 3: Refined search successfully identifying the target script path.

linux/remote/13853 [dot] pl

Task 4: Initial Access

This task demonstrates how to leverage M[e]tasploit to utilize a known vulnerability. It walks through searching for the appropriate module, configuring required payload and target parameters, and executing the c[o]mpromise to gain an initial remote session on the system.

Figure 4: Searching for available UnrealIRC [dot] d modules.

Figure 5: Configuring the required module options and target IP.

Figure 6: Executing the module and successfully establishing a remote session.

Figure 7: Retrieving the user-level t[o]ken.

What is the user-level flag?

THM{Pwned-Y0ur-First-Machine}

Task 5: Post Exploitation

After gaining an initial foothold, the next step is privilege escalation. This section highlights basic Linux enumeration by searching the file system for sensitive information, successfully locating a plaintext cred[e]ntial file to escalate to root access via S[S]H.

Figure 8: Locating a sensitive plaintext file during system enumeration.

By reading the /etc [slash] password [dot] txt file, the root cred[e]ntials were recovered. Subsequently, a new terminal session was initiated to establish a remote connection via S[S]H.

Figure 9: Establishing a secure remote session as the root user.

Figure 10: Retrieving the final root-level t[o]ken.

What is the root flag?

THM{Escalat1on-D0ne}

Task 6: Reporting

Reporting is the final and most critical deliverable of a penetration test. A professional report must clearly communicate findings, compromise reproduction steps, and actionable remediation advice to both technical engineers and management stakeholders.

Which report section is aimed at engineering managers?

Technical Summary

Task 7: Conclusion

This final section summarizes the end-to-end infrastructure penetration testing process covered in the room. It reinforces the steps taken from an initial IP scan to full system compromise and provides additional TryHackMe resources for continued learning.

No question provided.

No answer needed

Thanks for reading. See you in the next lab.