> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# NahamStore

> In this room you will learn the basics of bug bounty hunting and web application hacking

# NahamStore

<p className="machine-summary"><span className="prompt"><code>\$ tldr</code></span> TryHackMe · Challenge · Medium</p>

<div className="machine-meta">
  | ·             | ·                                                  |
  | ------------- | -------------------------------------------------- |
  | Platform      | TryHackMe                                          |
  | Type          | Challenge                                          |
  | Difficulty    | <span className="dbadge dbadge-easy">MEDIUM</span> |
  | Access        | 🟢 Free                                            |
  | Average time  | 75 min                                             |
  | Users         | 21.192                                             |
  | Official room | [Open](https://tryhackme.com/room/nahamstore)      |
</div>

## Description

In this room you will learn the basics of bug bounty hunting and web application hacking

## Solve the room

| Language | Author        | Format      | Link                                          |
| -------- | ------------- | ----------- | --------------------------------------------- |
| 🇬🇧 EN  | **TryHackMe** | Lab oficial | [Open](https://tryhackme.com/room/nahamstore) |

## Resources by skill

| Skill                             | Source               | Link                                                                                       |
| --------------------------------- | -------------------- | ------------------------------------------------------------------------------------------ |
| CSRF (Cross-Site Request Forgery) | PortSwigger          | [Open](https://portswigger.net/web-security/csrf)                                          |
| Local File Inclusion (LFI)        | HackTricks           | [Open](https://book.hacktricks.wiki/en/pentesting-web/file-inclusion/index.html)           |
| Local File Inclusion (LFI)        | PayloadsAllTheThings | [Open](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion)   |
| Remote Code Execution (RCE)       | HackTricks           | [Open](https://book.hacktricks.wiki/en/pentesting-web/command-injection.html)              |
| Cross-Site Scripting (XSS)        | HackTricks           | [Open](https://book.hacktricks.wiki/en/pentesting-web/xss-cross-site-scripting/index.html) |
| Cross-Site Scripting (XSS)        | PortSwigger          | [Open](https://portswigger.net/web-security/cross-site-scripting)                          |
| XML External Entity               | HackTricks           | [Open](https://book.hacktricks.wiki/en/pentesting-web/xxe-xee-xml-external-entity.html)    |

## Related skills

[CSRF (Cross-Site Request Forgery)](/en/skills/csrf) · [Local File Inclusion (LFI)](/en/skills/lfi) · [Remote Code Execution (RCE)](/en/skills/rce) · [Cross-Site Scripting (XSS)](/en/skills/xss) · [XML External Entity](/en/skills/xxe)

***

## Comments & tips

Solved this room a different way? Share it here — comments live in [GitHub Discussions](https://github.com/FFuson/HTB_Writeups/discussions).

<div className="rootea-giscus-wrap" data-giscus-term="thm:tryhackme-nahamstore" data-giscus-lang="en" />

*Last updated: 2026-05-09*

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"TechArticle","name":"NahamStore","headline":"NahamStore — TryHackMe room index","url":"https://rootea.es/en/tryhackme/rooms/nahamstore","inLanguage":"en","about":[{"@type":"Thing","name":"TryHackMe"},{"@type":"Thing","name":"Challenge"}],"isPartOf":{"@type":"WebSite","name":"rootea.es","url":"https://rootea.es"},"author":{"@type":"Organization","name":"rootea.es"}}`}
</script>
