Wreath Network


Wreath is a network on TryHackMe. The network contains one public facing web server and two other clients inside the internal network. The goal was to perform a penetration test against this network and write a report. Initial foothold inside the network was done by exploiting a vulnerable Webmin version. After that the attacker could pivot to another server, that was running a vulnerable version of GitStack. From there the developer machine could be compromised by exploiting a unrestricted file upload vulnerability. On the developer machine, the privilege escalation to SYSTEM has been done by abusing an unquoted service path.

As described earlier the last challenge was to write a penetration test report. Medium does not allow it to upload PDF files, so you can download the final report from my Dropbox.


Out of the blue, an old friend from university: Thomas Wreath, calls you after several years of no contact. You spend a few minutes catching up before he reveals the real reason he called:

“So I heard you got into hacking? That’s awesome! I have a few servers set up on my home network for my projects, I was wondering if you might like to assess them?”

You take a moment to think about it, before deciding to accept the job — it’s for a friend after all.

Turning down his offer of payment, you tell him: I’ll do it!


Thomas has sent over the following information about the network:

There are two machines on my home network that host projects and stuff I’m working on in my own time — one of them has a webserver that’s port forwarded, so that’s your way in if you can find a vulnerability! It’s serving a website that’s pushed to my git server from my own PC for version control, then cloned to the public facing server. See if you can get into these! My own PC is also on that network, but I doubt you’ll be able to get into that as it has protections turned on, doesn’t run anything vulnerable, and can’t be accessed by the public-facing section of the network. Well, I say PC — it’s technically a repurposed server because I had a spare license lying around, but same difference.

The Penetration Test report: https://www.dropbox.com/s/d4x2sdu92xn5vr7/Wreath-PenetrationTestReport.pdf?dl=0




Passionate about Cyber Security. I am publishing CTF writeups and Cybersecurity content!

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Youtube Exe Iso Tar Rar Zip Apk Index Of

Youtube Exe Iso Tar Rar Zip Apk Index Of

Dylan’s Notes of Let’s Encrypt(letsencrypt)

Don’t Use Free Email Services For Business Use — Real Estate Agent

Cloud Computing and Cybersecurity News Stories Between 12th January and 18th January

FalconFriday — Privilege Escalations to SYSTEM  — 0xFF13

Deposit and Withdraw STORJ on Wollito

Pundi X Set to Work With Merkle Science to Prevent Money Laundering

IDall and Passcon Blue Paper, Part III.3.2 Login Authentication

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Passionate about Cyber Security. I am publishing CTF writeups and Cybersecurity content!

More from Medium

WebAppSec: Parameter Tampering

VulnHub — The Planets: Mercury CTF

[Cryptohack] Triple DES solution

Jumping in Headfirst