TryHackMe — RootMe CTF Solution
📰 Medium · Cybersecurity
Learn to solve the RootMe CTF challenge by identifying web vulnerabilities and escalating privileges
Action Steps
- Run a port scan using nmap to identify open ports
- Use gobuster to perform a directory scan on the web server
- Identify potential vulnerabilities in the Apache version and exploit them
- Establish a reverse shell connection to the target machine
- Escalate privileges to gain root access
Who Needs to Know This
This solution benefits cybersecurity teams and individuals looking to improve their vulnerability assessment and exploitation skills
Key Insight
💡 Combining port scanning, directory scanning, and vulnerability exploitation can lead to successful privilege escalation
Share This
💡 Solve the RootMe CTF challenge by finding web vulnerabilities and escalating privileges
Key Takeaways
Learn to solve the RootMe CTF challenge by identifying web vulnerabilities and escalating privileges
Full Article
Title: TryHackMe — RootMe CTF Solution
URL Source: https://medium.com/@efeqozel/tryhackme-rootme-ctf-solution-7b8cb9540e3e?source=rss------cybersecurity-5
Published Time: 2026-04-23T19:35:10Z
Markdown Content:
# TryHackMe — RootMe CTF Solution. Summary: In RootMe CTF room we need to… | by Efe Özel | Apr, 2026 | Medium
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
# TryHackMe — RootMe CTF Solution
[](https://medium.com/@efeqozel?source=post_page---byline--7b8cb9540e3e---------------------------------------)
[Efe Özel](https://medium.com/@efeqozel?source=post_page---byline--7b8cb9540e3e---------------------------------------)
Follow
4 min read
·
1 hour ago
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F7b8cb9540e3e&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&user=Efe+%C3%96zel&userId=f6bcf50252ee&source=---header_actions--7b8cb9540e3e---------------------clap_footer------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F7b8cb9540e3e&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&source=---header_actions--7b8cb9540e3e---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D7b8cb9540e3e&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&source=---header_actions--7b8cb9540e3e---------------------post_audio_button------------------)
Share
> Summary: In RootMe CTF room we need to find web vulnerabilities and then we use reverse shell connect to terminal after than privelege escalation
## STEP 1: Reconnaissance
Firstly i will port scan with the nmap.
Press enter or click to view image in full size
> **_Scan the machine, how many ports are open? = 2_**
>
>
> **_What version of Apache is running? = 2.4.41_**
>
>
> **_What service is running on port 22? = ssh_**
We saw the results and target machine have just 2 port first 22/tcp ssh second is 80/tcp http port. maybe i can check the apache version for vulneratabilities. But i firstly check the web server.
Press enter or click to view image in full size
We saw the web server is running with the file.
I can dir scan with gobuster tool is there.
Gobuster resutls
URL Source: https://medium.com/@efeqozel/tryhackme-rootme-ctf-solution-7b8cb9540e3e?source=rss------cybersecurity-5
Published Time: 2026-04-23T19:35:10Z
Markdown Content:
# TryHackMe — RootMe CTF Solution. Summary: In RootMe CTF room we need to… | by Efe Özel | Apr, 2026 | Medium
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
# TryHackMe — RootMe CTF Solution
[](https://medium.com/@efeqozel?source=post_page---byline--7b8cb9540e3e---------------------------------------)
[Efe Özel](https://medium.com/@efeqozel?source=post_page---byline--7b8cb9540e3e---------------------------------------)
Follow
4 min read
·
1 hour ago
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F7b8cb9540e3e&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&user=Efe+%C3%96zel&userId=f6bcf50252ee&source=---header_actions--7b8cb9540e3e---------------------clap_footer------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F7b8cb9540e3e&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&source=---header_actions--7b8cb9540e3e---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D7b8cb9540e3e&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40efeqozel%2Ftryhackme-rootme-ctf-solution-7b8cb9540e3e&source=---header_actions--7b8cb9540e3e---------------------post_audio_button------------------)
Share
> Summary: In RootMe CTF room we need to find web vulnerabilities and then we use reverse shell connect to terminal after than privelege escalation
## STEP 1: Reconnaissance
Firstly i will port scan with the nmap.
Press enter or click to view image in full size
> **_Scan the machine, how many ports are open? = 2_**
>
>
> **_What version of Apache is running? = 2.4.41_**
>
>
> **_What service is running on port 22? = ssh_**
We saw the results and target machine have just 2 port first 22/tcp ssh second is 80/tcp http port. maybe i can check the apache version for vulneratabilities. But i firstly check the web server.
Press enter or click to view image in full size
We saw the web server is running with the file.
I can dir scan with gobuster tool is there.
Gobuster resutls
DeepCamp AI