Authenticate: TryHackMe Room
Hello World! Welcome to the blog…
You guys can also try this amazing room by purchasing a premium subscription to TryHackMe.
- Before starting, make sure to connect to the TryHackMe server using the VPN configuration file provided.
[If you don't have OpenVPN installed, run: sudo apt install openvpn]
Alright! Let's begin.
Go to the Authenticate room inside Your Hacktivities:

Task 1 — Deploy the VM:

- Copy the IP address of the VM:

- Then perform an Nmap scan:

- So port 80 is not open! Let's get the services' information by adding the -sV option to the Nmap scan. After the scan, you can see that ports 5000, 7777 and 8888 are running an httpd service.
Now let's browse the ports running the httpd service:



Task 2 — Dictionary Attack:

- After going through the description, it is pretty clear that we have to perform a brute-force attack, so let's fire up Burp Suite.

- Capture the login request and send it to the Intruder tab to perform the attack, add the position as given, and add the required payloads for the attack.

- We got the password by performing the attack, and after logging in with the password we get the flag:

- Perform the same attack for Mike's credentials; you will get the rest of the answers as well:

Task 3 — Re-registration:

- Register Darren as given in the description.

- Then log in with the registered credentials; you will get the flag:

- Perform the same steps for Arthur's account; you will get the rest of the answers:

Task 4 — JSON Web Token:

- Navigate to port number 5000.
Log in as given in the description, and make sure to capture the request:

- Captured Request for Authentication:

- Captured Request for Login:

- Success Alert for Guest User:

- Now log in to the system again and modify the JWT: decode (using CyberChef) the first two parts of the token as given in the task description:

- After logging in, you will get the admin flag:
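Why the modified token should never have been accepted, shown as an added example (not code from the room or from this walkthrough): the first two parts of a JWT are only base64url-encoded, so anyone can read and rewrite them, and the server has to recompute the signature with a fixed algorithm before trusting any claim. The key, the claim names and the helper names below are assumptions made up for the demonstration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: server-side HMAC key, made up for this example

def b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue(payload: dict) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def inspect(token: str):
    """What CyberChef shows: header and payload are encoded, not encrypted."""
    h, p = token.split(".")[:2]
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))

def verify(token: str) -> dict:
    """Server-side check: fixed algorithm, mandatory signature, constant-time compare."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))

def tamper(token: str, **changes) -> str:
    """Re-encode a changed payload but keep the old signature, as a modified token would."""
    h, p, s = token.split(".")
    payload = {**json.loads(b64url_decode(p)), **changes}
    return ".".join([h, b64url_encode(json.dumps(payload, separators=(",", ":")).encode()), s])

if __name__ == "__main__":
    guest = issue({"user": "guest", "id": 1})  # constructed sample claims
    print(inspect(guest))
    print(verify(guest))
    try:
        verify(tamper(guest, user="admin"))
    except ValueError as err:
        print("rejected:", err)
```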


Task 5 — No Auth:

- Navigate to port number 7777; this form will appear:

- Navigate to /users/1:

- When we navigated to /users/2, we got the admin password & some sort of secret data:

- Now for this task, let's try to fuzz the user ID. When passing the user ID as 0, we get the superadmin's data:

- Now we got the answers:

And CONGRATULATIONS, you have successfully completed the room!

For any queries, drop me an email akshatsoni64@protonmail.com