Avengers Blog on Tryhackme

This is the write-up for the room Avengers Blog on TryHackMe; it is part of the Web Fundamentals path.

Connect to the TryHackMe lab environment via the VPN, or use the AttackBox on the TryHackMe site.

TASK Avengers Blog

Task 1

Boot up the attached machine and navigate with Firefox to http://<MACHINE_IP>

Task 2

Once the site is loaded, press F12, then open the Storage tab; under Cookies you will see the flag1 cookie.

Task 3

3.1 Look at the HTTP response headers and obtain flag 2.

In the developer console open the Network tab and press F5 to reload the page. Click on the first request that is loaded and then select Headers. You will see flag2 in the response headers.

You can do this with Burp intercept as well.

Open Burp Suite and turn on Intercept (look here for the setup: Configure Burpsuite with Firefox).

Once you forward the request, look in the HTTP history.

Before forwarding the request you can also look at the response by using the "Do intercept" option on the intercepted request, as shown in the screenshot.

burpsuite do intercept

On the next page you will find the response headers. This does not always work very well.

Task 4

4.1 Look around the FTP share and read flag 3!

Scan the machine with nmap using the following command

nmap -sV -sC -T4 <Machine_IP>

This scan gives you more information: -sV detects service versions and -sC runs the default scripts.

Connect to the FTP server by typing

ftp <machine_ip> 21

Login with the credentials given in the task

Once connected type in

ls -la

We see one directory. Navigate into the directory by typing

cd files
ls -la
ftp in passive mode

We can download the file by typing

get flag3.txt

Then exit the FTP session and type

cat flag3.txt

Task 5

5.1 What is the directory that has an Avengers login?

Let's scan with gobuster first by typing (the dir mode needs the target URL; the original command had -u and dir swapped and no URL)

gobuster dir -u http://<MACHINE_IP> --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
gobuster dir scanning

When navigating to /portal we have a login page.

Task 6

6.1 Log into the Avengers site. View the page source, how many lines of code are there?

It took me a while to get this one. Type the following into both the username field and the password field:

' or 1=1-- 

Once logged in, right-click, choose View Page Source and scroll all the way down to see the number of lines.
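As an added example (not code from the original write-up or the room), this shows why the ' or 1=1-- payload above gets past a login query built by string concatenation, beside the parameterised form that stops it. The users table and its credentials are constructed placeholders.

```python
import sqlite3

# Constructed in-memory users table so the example runs offline; the
# username and password are placeholders, not values from the room.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'placeholder-secret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Input is spliced into the statement, so a quote in the input ends the
    # string literal and the remainder is parsed as SQL. With the payload
    # "' or 1=1-- " the WHERE clause becomes:  username = '' or 1=1-- ...
    # and the "--" comments out the password check entirely.
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    # Bound parameters: the driver passes the values as data, so the quote
    # and the comment marker in the payload never reach the SQL parser.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0

PAYLOAD = "' or 1=1-- "

def compare(payload=PAYLOAD):
    # Returns (vulnerable_login_accepted, parameterized_login_accepted)
    # when the payload is used as both username and password.
    conn = make_db()
    return (login_vulnerable(conn, payload, payload),
            login_parameterized(conn, payload, payload))

if __name__ == "__main__":
    print(compare())  # -> (True, False)
```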

Task 7

7.1 Read the contents of flag5.txt

To print a file in reverse line order, the command is tac:

cd ../; ls; tac flag5.txt

