The Dutch Hacker
Avengers Blog Tryhackme
Tryhackme

Avengers Blog on Tryhackme

This is the write up for the room Avengers Blog on Tryhackme and it is part of the Web Fundamentals Path

Make connection with VPN or use the attackbox on Tryhackme site to connect to the Tryhackme lab environment

TASK Avengers Blog

Task 1

Boot up the attached machine and navigate with firefox to http://<MACHINE_IP>

Task 2

Once the site is loaded press F12 Then storage and under cookies you will see the flag1 cookie

Avengers Blog tryhackme

Task 3

3.1 Look at the HTTP response headers and obtain flag 2.

In the develops console open network and press F5 to reload the page. Click on the first that is loaded and then press headers. You will see the flag2 in the header

Avengers Blog tryhackme

You can do this with Burp intercept as well.

Open Burpsuite and turn on intercept ( look here to configure Configure Burpsuite with Firefox )

Once forward the request and look in the history

Avengers Blog tryhackme

Before forwarding the request you can also look at the response by

burpsuite do intercept

In the next page you will find the response header. This does not always work very well.

Task 4

4.1 Look around the FTP share and read flag 3!

Scan the machine with nmpa using the following command

nmap -sV -sC -T4 <Machine_IP>

With this scan you have more information

Avengers Blog tryhackme

Connect with the ftp by typing

ftp <machine_ip> 21

Login with the credentials given in the task

Once connected type in 

ls -la

We se one directory. navigating in the directory by typing

cd files
ls -la
ftp in passive mode

We can download the file by typing 

get flag3.txt

then exit the ftp and type 

cat flag3.txt

Task 5

5.1 What is the directory that has an Avengers login?

Let’s scan with gobuster first by typing in

gobuster -u http://10.10.63.212 dir --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
gobuster dir scanning

When navigatin got /portal we have a login page

Avengers Blog tryhackme

Task 6

6.1 Log into the Avengers site. View the page source, how many lines of code are there?

It took me a while to get this by type in the user field and password field

' or 1=1-- 

Once log in right click view source and scroll al the way down and see the number of lines

Task 7

7.1 Read the contents of flag5.txt

To reverse reading the command it tac

cd ../; ls; tac flag5.txt

You may also like

Top 5 Must Do Courses

  1. Web application security for absolute beginners
  2. Ethical Hacking Offensive Penetration Testing OSCP Prep
  3. TOTAL: CompTIA PenTest+ (Ethical Hacking) + 2 FREE Tests.
  4. Learn Python & Ethical Hacking From Scratch
  5. Python Ethical Hacking MASTERCLASS: Zero to Mastery

Most Popular Post

System Account
How to Recover the password of a local Windows 10 account
cURL
dvwa install
How to Install web DVWA on HyperV
ZTH - web2 writeup tryhackme
ZTH – Web 2 on Tryhackme
nmap -h
Nmap Room on Tryhackme

Sign Up

Signup today for free and be the first to get notified on new updates.
* indicates required

Follow Me

Most Popular Post

System Account
How to Recover the password of a local Windows 10 account
cURL
dvwa install
How to Install web DVWA on HyperV
ZTH - web2 writeup tryhackme
ZTH – Web 2 on Tryhackme
nmap -h
Nmap Room on Tryhackme

Contact Us