Cat Pictures — TryHackMe WalkThrough
📰 Medium · Cybersecurity
Learn how to compromise a target machine using multiple techniques like port knocking and binary exploitation in the TryHackMe Cat Pictures room
Action Steps
- Run a full port scan using nmap to identify open and filtered services
- Use anonymous FTP access to gather information about the target machine
- Exploit a hidden internal shell service to gain initial access
- Use binary exploitation to escalate privileges
- Extract SSH keys to gain remote access
- Abuse cron jobs to achieve full root access
Who Needs to Know This
This walkthrough is beneficial for security professionals and penetration testers who want to improve their skills in exploiting vulnerabilities and gaining root access to a system. It can also be useful for system administrators who want to learn how to identify and fix security weaknesses in their systems.
Key Insight
💡 Chaining multiple techniques can lead to a complete system takeover, highlighting the importance of securing all services and configurations
Share This
🔍 Compromise a target machine using port knocking, anonymous FTP, and binary exploitation in the TryHackMe Cat Pictures room 🔒
Key Takeaways
Learn how to compromise a target machine using multiple techniques like port knocking and binary exploitation in the TryHackMe Cat Pictures room
Full Article
Title: Cat Pictures — TryHackMe WalkThrough
URL Source: https://medium.com/@rayenhafsawy/cat-pictures-tryhackme-walkthrough-ace4a608f068?source=rss------cybersecurity-5
Published Time: 2026-04-25T08:55:17Z
Markdown Content:
# Cat Pictures — TryHackMe WalkThrough | by Rayenhafsawy | Apr, 2026 | Medium
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

# Cat Pictures — TryHackMe WalkThrough
[](https://medium.com/@rayenhafsawy?source=post_page---byline--ace4a608f068---------------------------------------)
[Rayenhafsawy](https://medium.com/@rayenhafsawy?source=post_page---byline--ace4a608f068---------------------------------------)
Follow
5 min read
·
2 hours ago
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Face4a608f068&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&user=Rayenhafsawy&userId=8ba6039d603e&source=---header_actions--ace4a608f068---------------------clap_footer------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Face4a608f068&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&source=---header_actions--ace4a608f068---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3Dace4a608f068&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&source=---header_actions--ace4a608f068---------------------post_audio_button------------------)
Share
Press enter or click to view image in full size

**Date: 15/04/2026**
**Room Link:**[**https://tryhackme.com/room/catpictures**](https://tryhackme.com/room/catpictures)
**My Profile:**[**https://tryhackme.com/p/RayenHafsawy**](https://tryhackme.com/p/RayenHafsawy)
## 🧭 Introduction
In this write-up, I demonstrate how I compromised a target machine by chaining multiple techniques — including port knocking, anonymous FTP access, a hidden internal shell service, binary exploitation, SSH key extraction, and cron job abuse — to achieve full root access.
This lab is a perfect example of how security through obscurity, weak service configurations, and writable scheduled scripts can combine into a complete system takeover.
## 🔍 1. Initial Reconnaissance
I started with a full port scan to identify all open and filtered services:
nmap -p 1-10000 -T4 10.113.179.22

[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

# Cat Pictures — TryHackMe WalkThrough
[](https://medium.com/@rayenhafsawy?source=post_page---byline--ace4a608f068---------------------------------------)
[Rayenhafsawy](https://medium.com/@rayenhafsawy?source=post_page---byline--ace4a608f068---------------------------------------)
Follow
5 min read
·
2 hours ago
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Face4a608f068&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&user=Rayenhafsawy&userId=8ba6039d603e&source=---header_actions--ace4a608f068---------------------clap_footer------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Face4a608f068&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&source=---header_actions--ace4a608f068---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3Dace4a608f068&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40rayenhafsawy%2Fcat-pictures-tryhackme-walkthrough-ace4a608f068&source=---header_actions--ace4a608f068---------------------post_audio_button------------------)
Share
Press enter or click to view image in full size

**Date: 15/04/2026**
**Room Link:**[**https://tryhackme.com/room/catpictures**](https://tryhackme.com/room/catpictures)
**My Profile:**[**https://tryhackme.com/p/RayenHafsawy**](https://tryhackme.com/p/RayenHafsawy)
## 🧭 Introduction
In this write-up, I demonstrate how I compromised a target machine by chaining multiple techniques — including port knocking, anonymous FTP access, a hidden internal shell service, binary exploitation, SSH key extraction, and cron job abuse — to achieve full root access.
This lab is a perfect example of how security through obscurity, weak service configurations, and writable scheduled scripts can combine into a complete system takeover.
## 🔍 1. Initial Reconnaissance
I started with a full port scan to identify all open and filtered services:
nmap -p 1-10000 -T4 10.113.179.22
![Image 4](https://miro.medium.com/
DeepCamp AI