Hello everyone! This is Sujal, and today, I’ll be walking you through the Overpass 2 — Hacked lab on TryHackMe. This lab is a great starting point for anyone familiar with basic Linux commands, Wireshark, and privilege escalation techniques. The challenges are straightforward and provide a solid foundation for diving deeper into practical cybersecurity skills.
Let’s get started and explore the steps to successfully complete the lab!
In the Overpass 2 — Hacked challenge, we step into an incident where a web application has been defaced and backdoored by a malicious group. Our mission: trace the attacker’s footsteps through network captures, inspect the custom backdoor code, crack the credentials, and finally regain root. This exercise demonstrates how even simple misconfigurations and publicly available tools can lead to full system compromise.
Begin by downloading Wireshark and the associated .pcap file. Open the .pcap file in Wireshark. In the display filter bar, enter:
tcp.stream eq 1

This filter isolates TCP stream 1, which represents the complete conversation between two endpoints — from the initial handshake to the termination of the session. TCP streams are useful for reconstructing the full context of a connection, including payloads and interactive sessions.
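To make concrete what Wireshark does when you filter on a stream index and follow it, here is an added example (mine, not part of the TryHackMe lab or the original walkthrough) that does the same job with only the Python standard library: it builds a small constructed pcap in memory (the IPs, ports and payloads are made up), parses the Ethernet/IPv4/TCP headers, numbers conversations in order of first appearance just as the tcp.stream field does, and reassembles each direction by sequence number while dropping retransmitted segments. Sequence-number wraparound and overlapping segments are deliberately not handled, so it is a teaching tool rather than a replacement for Wireshark's reassembly.

```python
"""Follow a TCP stream the way Wireshark's `tcp.stream eq N` + Follow TCP Stream does.

Added example, stdlib only. The capture below is constructed in memory; nothing here
comes from the lab's real .pcap.
"""
import struct
from collections import OrderedDict


# ---- constructed packet builder (sample data, not a real capture) ----

def _ip(addr):
    return bytes(int(o) for o in addr.split("."))


def build_frame(src, sport, dst, dport, seq, payload, flags=0x18):
    """Ethernet + IPv4 + TCP frame. Checksums are left as zero; the parser never checks them."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dummy MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    total = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0, _ip(src), _ip(dst))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (magic 0xa1b2c3d4, linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f   # ts_sec, ts_usec, incl, orig
    return out


# ---- parser and stream follower ----

def parse_pcap(data):
    """Yield (src, sport, dst, dport, seq, payload) for every TCP-over-IPv4 frame."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24                                               # skip the global header
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00":                    # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        total, = struct.unpack_from("!H", frame, 16)
        if frame[23] != 6:                                 # IP protocol field: 6 = TCP
            continue
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        tcp = frame[14 + ihl: 14 + total]
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        doff = (tcp[12] >> 4) * 4                          # TCP header length
        yield src, sport, dst, dport, seq, tcp[doff:]


def index_streams(packets):
    """Group packets by conversation, numbered in order of first appearance (tcp.stream)."""
    streams = OrderedDict()
    for pkt in packets:
        src, sport, dst, dport = pkt[:4]
        key = frozenset([(src, sport), (dst, dport)])      # direction-agnostic 4-tuple
        streams.setdefault(key, []).append(pkt)
    return list(streams.values())


def follow_stream(packets, n):
    """Reassemble stream n into {(src, sport, dst, dport): bytes}, one entry per direction."""
    dirs = {}
    for src, sport, dst, dport, seq, payload in index_streams(packets)[n]:
        if payload:
            # setdefault keeps the first copy of a segment, so retransmissions are dropped
            dirs.setdefault((src, sport, dst, dport), {}).setdefault(seq, payload)
    return {d: b"".join(segs[s] for s in sorted(segs)) for d, segs in dirs.items()}


# Constructed capture: stream 0 is a web request, stream 1 an interactive session whose
# client segments arrive out of order and include one retransmission.
SAMPLE = build_pcap([
    build_frame("10.0.0.5", 40000, "10.0.0.9", 80, 1000, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame("10.0.0.9", 80, "10.0.0.5", 40000, 5000, b"HTTP/1.1 200 OK\r\n"),
    build_frame("10.0.0.5", 40001, "10.0.0.9", 4242, 1, b"", flags=0x02),   # SYN, no data
    build_frame("10.0.0.5", 40001, "10.0.0.9", 4242, 2, b"id\n"),
    build_frame("10.0.0.9", 4242, "10.0.0.5", 40001, 100, b"uid=0(root)\n"),
    build_frame("10.0.0.5", 40001, "10.0.0.9", 4242, 9, b"ls\n"),           # arrives early
    build_frame("10.0.0.5", 40001, "10.0.0.9", 4242, 5, b"pwd\n"),          # late segment
    build_frame("10.0.0.5", 40001, "10.0.0.9", 4242, 2, b"id\n"),           # retransmission
])

if __name__ == "__main__":
    for direction, data in follow_stream(list(parse_pcap(SAMPLE)), 1).items():
        print("%s:%d -> %s:%d" % direction, data)
```

Running the script prints the two halves of stream 1 in the order a Follow TCP Stream window would show them: the client's commands reassembled as `id`, `pwd`, `ls` despite the out-of-order arrival and the duplicate segment, and the server's reply in the other direction. Pointing `parse_pcap` at the bytes of a real capture file works the same way for any TCP-over-IPv4 traffic.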