This is the write-up for the room Authenticate on TryHackMe, which is part of the Web Fundamentals Path.
Connect to the TryHackMe lab environment over the VPN, or use the AttackBox on the TryHackMe site.
Tasks Authenticate
Task 1
Read all that is in this task, start the attached machine and press complete
Task 2
Open Burp Suite.
Now navigate to MACHINE_IP:8888 and route the browser through Burp with FoxyProxy. If you want to know how to configure this, follow the guide "Configure Burpsuite with Firefox" on The Dutch Hacker.
Make sure Intercept is on in Burp Suite.
Now back to Firefox. Type in the name jack and give it a random password.
Back in Burp Suite, send the request to Intruder.
In Intruder, click on Clear (right side).
Now select Fillinpassword and click on Add
Navigate to payloads and load up a password list
Once the list is loaded, press Start Attack and notice the difference in Length.
Now turn off Intercept in Burp and try this password to log in.
Once you are logged in you will see the flag for jack.
Now back to Burp Suite and change jack to mike.
Back to Payloads. The list is still loaded. Press Start Attack.
Once you notice a change in Length, try that password to log in.
Task 3
3.1 What is the flag that you found in darren’s account?
Register darren with a space before darren as the username.
Go to the login screen and log in with the created user " darren" and the password we just typed.
3.2 What is the flag that you found in arthur’s account?
We do the same thing. Register as arthur with a space before the username.
And again log in with the username " arthur" to see the flag.
Task 4
Read all that is in the task and follow along
4.1 Use the same method to find identity of admin user and retrieve the flag?
You can use CyberChef to decode and encode.
Navigate to <MACHINE_IP>:5000, type in user and user, and press Go.
Press F12 to open the developer console.
Go to Storage -> Local Storage and notice the access token.
Now edit that token to the one in the task.
As you can see, identity is replaced with 0. The first user created is often the admin account.
eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K.
Now press go and see the flag
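Task 4 works because the application accepts a token whose header says alg NONE and whose signature part is empty. As an added example (not from the room or from this write-up's author), here is a verifier that pins HS256 on the server side and therefore rejects the token shown above; the key, the function names and the HS256 choice are assumptions.

```python
import base64, hashlib, hmac, json

# Token exactly as shown in the write-up: header alg "NONE", empty signature part.
PAGE_TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K."
    "eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K.")
SECRET = b"constructed-demo-secret"  # assumption: the server's HS256 key

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def peek(token):
    """Decode header and claims WITHOUT verifying them (inspection only)."""
    header_b64, body_b64 = token.split(".")[:2]
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(body_b64))

def sign_hs256(claims, key=SECRET):
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def verify_hs256(token, key=SECRET):
    """Return the claims or raise ValueError. The algorithm is fixed here; the
    header's alg is only compared against it and never selects the verifier."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("undecodable token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("rejected: alg is not HS256")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not sig or not hmac.compare_digest(sig, expected):
        raise ValueError("rejected: bad signature")
    return json.loads(b64url_decode(body_b64))
```

Expiry (exp/nbf) checks are left out to keep the focus on the algorithm check; a real verifier needs them as well.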
Task 5
Find the way to get into superadmin ad
Press Create User without filling in a thing.
Then press Visit private space.
Notice the URL
Change 1 to 0
On this page you will see all the information to finish the rest of the task
And this finishes the Authenticate room