TryHackMe: Easy Peasy

Task 1 Enumeration through Nmap

* All answers found using “Zenmap”.

  • How many ports are open?
    * 3 ports.
  • What is the version of nginx?
    * Version is 1.16.1.
  • What is running on the highest port?
    * Apache Service running on the highest port.

Task 2 Compromising the machine

  • Using GoBuster, find flag 1.
    * “/hidden” directory found using GoBuster.
    * dir — sets the mode to directory discovery.
    * -u — the target URL.
    * -w — the path to the wordlist.

    * Go to URL “$ip/hidden”. Check the page source. (Nothing found.)
    * Run GoBuster again against the “/hidden” directory for further content discovery.
    * New directory found: “/whatever”.
    * Go to URL “$ip/hidden/whatever”. Check the page source.
    * Found an encoded string. The two trailing equals signs indicate Base64 encoding.
    * Decode the Base64 text using any online Base64 decoder. (Flag Found)

Fig 1 and 2.
Fig 3 and 4.
  • Further enumerate the machine, what is flag 2?
    * Start digging on the Apache port.
    * During the “Zenmap” scan, the Apache service showed a “robots.txt” file. Check it by going to URL “https://$ip:65524/robots.txt”.
    * The robots.txt file showed a hash.
    * Hash type identified via “Hash-Identifier” (MD5).
    * Recover the plaintext using any online MD5 lookup site. (Flag Found)
  • Crack the hash with easypeasy.txt, What is the flag 3?
    * Flag Found on Apache’s main page.
  • What is the hidden directory?
    * Check the page source of the Apache main page.
    * A “p” tag shows an encoded string, with a hint that it is encoded with some base.
    * Go to CyberChef and decode the string with Base62. (Hidden Directory Name Found)
  • Using the wordlist that provided to you in this task crack the hash what is the password?
    * Go to the newly discovered directory ($ip:65524/directory).
    * Check the page source. (New hash found.)
    * Hash type identified via “Hash-Identifier”.
    * Try cracking the hash with the top three hash types.
    * Flag found via md5hashing (hash type is GOST).
  • What is the password to login to the machine via SSH?
    * An image is found on the Apache port in the (/n0th1ng3Is3m4tt3r) directory.
    * Download the image and extract its hidden contents using “steghide” with the recently discovered password.
    * cat (read) the newly extracted file.
    * Convert the binary password into plain text. (Password Found)
  • What is the user flag?
    * SSH in as the user using the discovered username and password.
    * ls — list the directories.
    * cat — read the file.
    * hint — flag is rotated.
    * Tried ROT13. (User Flag Found)
  • What is the root flag?
    * Located the scheduled cron jobs and found one that runs a bash script every minute.
    * cd — change directory.
    * Go to the directory that was found, create a reverse shell with your own IP and set up an nc listener.
    * After a few minutes, a file named “root.txt” is created.
    * cat (read) the file. (Root Flag Found)
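
The root-flag step depends on a script run by root's cron job being editable by a low-privileged user. As an added example (not part of the original write-up), this audit parses /etc/crontab-style lines and reports files that a root job runs but that a non-trusted account owns or can write. The sample crontab line and paths are constructed, and the trusted_uids parameter is hypothetical.

```python
import os
import stat

def parse_system_crontab(text):
    """Yield (schedule, user, command) from /etc/crontab-style job lines."""
    for line in text.splitlines():
        fields = line.strip().split(None, 6)
        # Skip blanks, comments, env assignments (PATH=...) and short lines.
        if len(fields) < 7 or fields[0].startswith("#") or "=" in fields[0]:
            continue
        yield " ".join(fields[:5]), fields[5], fields[6]

def risky_root_jobs(crontab_text, trusted_uids=(0,)):
    """Return (schedule, path, reason) for files a root job runs that
    someone other than a trusted owner can modify."""
    findings = []
    for schedule, user, command in parse_system_crontab(crontab_text):
        if user != "root":
            continue
        tokens = command.split()
        cwd = "/"  # simplification: cron really starts in the user's home
        for prev, token in zip([""] + tokens, tokens):
            path = os.path.normpath(os.path.join(cwd, token))
            if prev == "cd":  # follow "cd DIR && bash script.sh"
                cwd = path
            elif os.path.isfile(path):
                st = os.stat(path)
                if st.st_uid not in trusted_uids:
                    findings.append((schedule, path, "owner uid %d" % st.st_uid))
                elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((schedule, path, "group/world writable"))
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a root job running a script from a temp directory.
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "job.sh")
        open(script, "w").close()
        os.chmod(script, 0o777)
        sample = "SHELL=/bin/sh\n* * * * * root cd %s && bash job.sh\n" % d
        for finding in risky_root_jobs(sample):
            print(finding)
```

The check covers only the script file itself; a directory that the user can write to allows the same replacement and should be reviewed as well.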

Sana Qazi is a Technical Writer specialized in Information Security. She is a writer by day and a reader by night.
