Try-hack-me

ANTHEM : Walkthrough

In this writeup, we are going to solve a CTF room called “Anthem” created by Chevalier. I’ve taken a hint-only approach so you can enjoy this room as much as I did, but I am sure that this would be enough to eliminate any of your questions and difficulties.

Task 1 – Website Analysis
As being said in the task, we need to run a nmap scan and identify open ports.
Since it’s a CTF room, a really quick scan of all ports would be enough here.
#nmap -p- -vv <target IP> -Pn


We look at the above nmap scan and figure out which is the correct port for the webserver
We look at the above nmap scan and figure out which is the correct port for the Remote Desktop Service
Let’s open the website in our browser.


Let’s check website’s “/robots.txt” directory, & we find some interesting stuff there. Including a possible password.

Now we can retrieve both password and CMS name through above step.
Answer for questions six is located on the webserver port (see question two). Navigate to IP:PORT and you’ll see the domain!
It gets a bit trickier here as the room is gaining more and more CTF tasks. In this case, admin’s name is not directly stated on the website, but it contains enough information to get it.
Scroll down to the bottom you will see “Anthem.com”
and now go and click on post “A cheers to our IT department”
See that poem? Search it up on Google, & you will see the admin username.


Go to website’s “We are hiring” post & based on the email format with the name of the author, you can figure out the email of the admin.


Task 2 – Spot the flags

🏳️ FLAG 1 & 2:  Go to main website & then go to “We are Hiring page”. Open the source code & you will find first and second flag there.
Quick Tip: – As the Room describes that the flag are in the format “THM{}” Therefore, Search “THM” inside the source code by pressing “CTRL+F”.

🏳️ FLAG 3: Click on “Jane Doe” in the “We are Hiring” Page Section.

🏳️ FLAG 4: You will find fourth flag in the source code of “A Cheers to our department” Page.

Task 3 – Final stage

CTF format of this room suggests that there’s no need to actually exploit anything. Task 1 can help us to gain remote access to the box.
Launch your RDP application and plug in your known data:


Once the user logs in a file is on the desktop that contains the flag.
There is a hidden folder on the root of the C:\ that file had the permissions removed however SG has ownership over the file. So he has to give himself permissions to read it.


After getting the Administrator password, its time to get root flag 

The root flag is located in a very obvious place. Go to drive C:\ -> Users -> Administrator -> Desktop and there it is!


Thank you very much for reading. I hope you find this blog useful.

!!!!Happy Hacking!!!!















Comments

Post a Comment

Popular posts from this blog

Try Hack Me - Simple CTF

Image
  Try Hack Me    Simple CTF Walkthrough Simple CTF  Challenge on TryHackMe Platform is a beginner level CTF, if you want to learn about CTF's, this room is perfect for you! So let’s get going! Initially, let's deploy our machine get connected to THM VPN and then, we are ready to begin. We need to run a Nmap scan against the machine so that we know which ports are open and which services are operational on these ports. I am going to use an aggressive Nmap scan.   #nmap -A -sC -Pn <Target IP> Analyzing the above Nmap scan we now know the number of ports and their associated services that are running on the host. So we have 2 services running under port 1000 and ssh service running on the higher port. Also, as highlighted above, w e see that we have got an anonymous ftp login, let’s try to log in and see if we can find anything. From ftp access as shown above, we are able to gather some information as ForMitch.txt. We will further extract the file and let's see what outp
Read more
Image
  Try-hack-me PICKLE-RICK : Walkthrough Today I completed an other room on tryhackme with a Rick and Morty theme to it! Let's go and complete the room Pickle Rick from try Hack Me! Scanning & Enumeration A good rule of thumb is to start by scanning your machine for any open ports.  #nmap -T4 -sC -sV -A -p- <target IP> Enumerating Services Port 22- ssh Here we are able to see that our SSH port is open. This port isn't too vulnerable unless we have found some credentials. So we will not mess with it. Port 80- http It's here where we find a webservice. Lets see if there is anything interesting. This webpage comes up on port 80. There’s no useful data in here. But what if we check the page source? Checking out the source code of a page can reveal all sorts of things.  Great it looks like we have found a user name!!!  Most websites will have a robots.txt file that will tell a browser what is and isn't allowed to index. So lets see if there is one for this site. Su
Read more
Image
  Try-hack-me Lian_Yu : Walkthrough This post is a walkthrough of an Arrowverse themed beginner CTF box on Tryhackme. Let’s get started by deploying the machine. Now, after deploying the machine, start with a basic Nmap scan and see which ports and services are open and running on the particular IP address. #nmap -A -sC -sV <target IP> Port 80 is open and running so let’s look at the webpage first.. The First step is to check the page source and robots.txt but no information found there, so let’s move to enumeration. #gobuster dir -u http://<target IP>/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt Looks like we have found a directory /island let’s look at it. The webpage looks like this at first instance but when I saw the source code I realized the the code word is also given in as vigilante but is in the white text. So here we got our code word.  I then ran gobuster again with the addition of the new directory I had found directory inside island di
Read more