CyberHeroes — TryHackme CTF Writeup
Want to be a part of the elite club of CyberHeroes? Prove your merit by finding a way to log in!
Task 1 CyberHeroes
Access this challenge by deploying both the vulnerable machine by pressing the green “Start Machine” button located within this task, and the TryHackMe AttackBox by pressing the “Start AttackBox” button located at the top-right of the page.
Navigate to the following URL using the AttackBox: http://10.10.136.139
Answer the questions below
Uncover the flag!
We can kick this off with an nmap scan as usual:
nmap -sC -sV -vvv 10.10.136.139 -Pn
It looks like only 2 ports are open, 22 and 80, implying that a website may be hosted here. Browsing to http://10.10.136.139 shows us a simple website; take some time to see what it’s about.
The login page sure seems interesting.
Submitting the credentials ‘admin:admin’ gave us an alert, so it looks like some JS is at work here.
From here you can either try to brute-force the login, use tools to inspect the site for possible XSS etc., or keep it simple and look at the source code first before deciding.
There’s an interesting function; we should attend to it ;)
If I explain the function in layman’s terms, it seems to assign the uname and pass variables to the variables a and b, then checks them against some hard-coded credentials with the help of a reverse-string function.
So now we know that the username is ‘h3ck3rBoi’ and the password should be the reverse of ‘54321@terceSrepuS’.
To reverse the string you can simply use a website like
Update: you can reverse a string with the rev command, without the website:
echo your_text_here | rev
And our not-so-super-secret password is ‘SuperSecret@12345’.
And we have our flag :)
}e6642d58e7a3c051a1b045c235eb0bde{galf
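Seen from the reviewer's side, the login check analysed above is what a quick scan of front-end scripts should flag. The following is an added example, not the challenge's code or part of the original write-up: SAMPLE_SOURCE is a constructed reconstruction of the described pattern (function and element names are assumptions; the two literals are the ones quoted above), and the scanner reports string literals compared against input, including ones wrapped in a helper such as a string reverser.

```javascript
// Added example (not the challenge's code): flag string literals that a
// client-side script compares against user input, directly or via a helper.

// Constructed sample reproducing the pattern described above; the function
// and element names are assumptions, the two literals are quoted from the text.
const SAMPLE_SOURCE = [
  'function authenticate() {',
  '  const a = document.getElementById("uname").value;',
  '  const b = document.getElementById("pass").value;',
  '  const reverseString = s => [...s].reverse().join("");',
  '  if (a == "h3ck3rBoi" && b == reverseString("54321@terceSrepuS")) {',
  '    showFlag();',
  '  } else {',
  '    alert("Login failed");',
  '  }',
  '}',
].join("\n");

// <expr> == "literal"   or   <expr> === helper("literal")
const LITERAL_COMPARE =
  /([\w.]+)\s*={2,3}\s*(?:(\w+)\s*\(\s*)?(["'])((?:(?!\3).)+)\3/g;
// Names that suggest the script is handling a login form.
const CREDENTIAL_HINT = /\b(uname|user(name)?|pass(word)?|pwd|login)\b/i;

function findHardcodedComparisons(source) {
  const findings = [];
  for (const m of source.matchAll(LITERAL_COMPARE)) {
    findings.push({
      line: source.slice(0, m.index).split("\n").length,
      comparedExpr: m[1],
      wrappedBy: m[2] || null, // helper applied to the literal, e.g. a reverser
      literal: m[4],
    });
  }
  return findings;
}

// Report only scripts that also reference credential-like names.
function auditClientScript(source) {
  return CREDENTIAL_HINT.test(source) ? findHardcodedComparisons(source) : [];
}

for (const f of auditClientScript(SAMPLE_SOURCE)) {
  const via = f.wrappedBy ? " via " + f.wrappedBy + "()" : "";
  console.log("line " + f.line + ": " + f.comparedExpr + " compared to literal" + via);
}
```

Any finding here means the credential check has to move to the server; wrapping the literal in a helper changes nothing, because the helper ships in the same file.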