#tryhackme #pentesting #python
In this video, I walk you through a full step-by-step exploitation of the TryHackMe Lunizz room, covering everything from initial enumeration to full root compromise.
We start with Gobuster directory enumeration, where we discover an instruction.txt file that leaks credentials and the first flag. From there, we explore hidden directories, interact with SQL-backed inputs, and manipulate database values to unlock further functionality.
As the attack progresses, I demonstrate how to:
- Exploit a command execution vulnerability
- Spawn a reverse shell
- Analyze and crack a bcrypt + Base64 password using Python and rockyou.txt
- Pivot between users (adam → mason)
- Perform a real-world privilege escalation technique to gain root access
This lab is challenging, time-consuming, and incredibly rewarding, making it perfect for anyone looking to sharpen their web exploitation, Linux privilege escalation, and password cracking skills.
🎯 What you’ll learn in this video:
- Gobuster & directory brute-forcing
- SQL logic manipulation
- Reverse shell payload execution
- Bcrypt hash cracking with Python
- User pivoting & privilege escalation
- Capturing user and root flags
If you’re preparing for CTFs, TryHackMe, OSCP-style labs, or real-world pentesting, this walkthrough will level up your skills.