TryHackMe: Jump
Jump is a Red Team-focused TryHackMe room that demonstrates how small trust relationships between users and automation can be chained together to achieve full system compromise. Rather than relying on a single vulnerability, the room requires moving through multiple privilege boundaries by abusing insecure automation and misconfigurations.
The room begins with anonymous access to an FTP server that accepts uploads into an incoming directory. A background automation process executes uploaded shell scripts, providing the first foothold as recon_user. From there, each stage introduces a different privilege escalation concept.
The second stage involves a writable backup script that is later executed by dev_user, demonstrating the risks of allowing lower-privileged users to modify files executed by higher-privileged accounts. The next privilege escalation uses a PATH hijacking vulnerability, where a health check executes the ps command without specifying its full path. By placing a malicious ps binary in a writable directory earlier in the PATH, execution is redirected and access is gained as monitor_user.
The following stage uses a deployment script that executes a helper script from a writable location. Modifying the helper script results in code execution as ops_user. Finally, the room concludes with a classic GTFOBins privilege escalation by allowing ops_user to run /usr/bin/less via sudo. Since less supports shell escapes, it is possible to spawn a root shell and complete the room.
Overall, Jump provides a practical introduction to several common Linux privilege escalation techniques, including insecure automation pipelines, writable scripts, PATH hijacking, and sudo misconfigurations. Rather than focusing on kernel exploits or complex vulnerabilities, the room emphasizes how poor trust boundaries between users and services can be combined to achieve full compromise. It is a solid room for understanding the importance of secure automation and the principle of least privilege.