Sign in

RootMe is an easy level box on THM which covers enumeration of the box, obtaining a reverse shell and abusing SUID binaries to escalate our privileges.

All flags found in the write up will be blurred in order to prevent an easy win for the room. Find the room here.


As with every box, we start with an NMAP scan to see what services are running.

NMAP Results

From the NMAP results, we can see that we have the following two services running on the box:

  • Port 80 (HTTP) — Apache httpd 2.4.29

With a…


Junior Penetration Tester with a huge passion for anything Cyber Security related.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store