Authenticate: TryHackMe Room

  • Before starting, Make sure to connect to the TryHackMe server using the VPN configurations file provided.
    [If you don’t have OpenVPN installed then: sudo apt install openvpn]
Room Overview
Task 1
  • Copy IP address of the VM:
Active Machine Information
  • Then perform NMAP Scan:
NMAP Scan
  • So port 80 is not open! Let’s get the service’s information by applying -sV options with NMAP Scan. After the scan, you can see that port 5000, 7777, 8888 are running httpd service.
    Now let’s browse the ports running httpd service:
Port 5000
Port 7777
Port 8888
Task 2
  • After going through the description, it is pretty clear that we have to perform a brute-force attack, so lets fire-up Burp-Suite.
Burp Suite Loading Screen
  • Capture the login request and send it to the intruder tab to perform the attack, add the position as given, and add the required payloads for the attack.
Brute Force Attack
  • We got the password by performing the attack, And after logging in with the password we get the flag:
Flag Page
  • Perform the same attack for Mike’s credentials, You will get the rest of the answers as well:
Quiz Form
Task 3
  • Register Darren as given in the description.
Registration Form
  • Then login with the registered credentials, You will get the flag:
Flag Page
  • Perform the steps for Arthur's account, You will get rest of the answers:
Quiz Form
Task 4
  • Navigate to port number 5000.
    Perform login as given in the description, and make sure to capture the request:
Landing Page
  • Captured Request for Authentication:
Captured Request
  • Captured Request for Login:
Captured Request
  • Success Alert for Guest User:
Welcome Alert
  • Now again login to the system and modify the JWT Token, decode (using CyberChef) the first two part of the token as given in the task description:
Modified Request
  • After logging in, You will get the admin flag:
Flag Page
Quiz Form
Task 5
  • Navigate to the port number 7777, This form will appear:
Landing Page
  • Navigate to /users/1:
User Data Page
  • When navigated to /users/2, we got the admin password & some sort of secret data:
Admin Data Page
  • Now for this task, let’s try to fuzz the user-id, when passing user-id as 0, we get the superadmin’s data:
Super Admin Data Page
  • Now we got the answers:
Quiz Form

And CONGRATULATIONS, You have successfully completed the room!

--

--

--

Cyber Security Student | CTF Player | Not Really An Author

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

The PowerShell way of encrypting AWS EBS volume

Flash Stock Firmware on Samsung GALAXY A3 SM-A300G

Flash Stock Rom on Samsung Galaxy

The IoT (Internet of Things) a little brief

{UPDATE} Moto X Mayhem Hack Free Resources Generator

{UPDATE} Bumper Car Club Hack Free Resources Generator

Hill Cipher Encoding

Datamine (DAM) Top 10 DeFi DApp, CoinGecko, & More!

Putting Privacy on the Agenda at ICANN

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akshat Soni

Akshat Soni

Cyber Security Student | CTF Player | Not Really An Author

More from Medium

TryHackMe: Learning Cyber Security Room a Walkthrough

OverTheWire:~$ Bandit Level 7 → 8

Walkthrough: Templated (Hack the Box Web Challenge)

AI-generated image by DALL-E mini on prompt “server side template injection.” https://www.craiyon.com/

Try Hack Me: Cyborg