Now we will use a Python script to brute-force the secret number. By searching the web, it becomes clear this rate limit can be bypassed. This makes brute-forcing the secret number a bit more difficult. Run the intruder script for a few minutes and you should see numerous responses having the following content: Make sure you create a list containing all these numbers. The payload should be a list of numbers from 1-100000. If all went well you should see the following screen on the intruder tab: Make sure the only payload is the secret number. Afterwards, click on the Intruder tab and change the payload positions. Now right-click on the white field and click on “Send to Intruder”. To find the secret number, we will intercept the number request using Burp Suite. TryHackMe Madness – Finding the secret number Since the web server on port 80 does not reveal much information, we will try to find the secret number for the web server running on port 8085. The following page can be seen by browsing to : When browsing to the document root we can see the following page for the web server running on port 80: We can see that ports are ports used by Apache and Gunicorn web servers. 
Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel |_ Supported Methods: HEAD OPTIONS POST GET |_http-server-header: Apache/2.4.18 (Ubuntu) 8085/tcp open http syn-ack Gunicorn 20.0.4 |_ Supported Methods: OPTIONS GET HEAD POST |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd1NxUo0xJ3krpRI1Xm8KMCFXziZngofs/wjOkofKKV 80/tcp open http syn-ack Apache httpd 2.4.18 ((Ubuntu)) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBENNM4XJDFEnfvomDQgg0n7ZF+bHK+/x0EYcjrLP2BGgytEp7yg7A36KajE2QYkQKtHGPamSRLzNWmJpwzaV65w= | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7zuGtMGKQdFrh6Y8Dgwdo7815klLm7VzG05KNvT112MyF41Vxz+915iRz9nTSQ583i1cmjHp+q+fMq+QGiO0iwIdYN72jop6oFxqyaO2ZjBE3grWHSP2xMsTZc7qXgPu9ZxzVAfc/4mETA8B00yc6XNApJUwfJOYz/qt/pb0WHDVBQLYesg+rrr3UZDrj9L7KNFlW74mT0nzace0yqtcV//dgOMiG8CeS6TRyUG6clbSUdr+yfgPOrcUwhTCMRKv2e30T5naBZ60e1jSuXYmQfmeZtDZ4hdsBWDfOnGnw89O9Ak+VhULGYq/ZxTh31dnWBULftw/l6saLaUJEaVeb The output of the scan can be seen below: 22/tcp open ssh syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux protocol 2.0) The sC and sV flags indicate that basic vulnerability scripts are executed against the target and that the port scan tries to find version information. We start by running a port scan on the host using nmap. echo " sustah.thm" >> /etc/hosts TryHackMe Madness – Enumeration Before we start enumerating the box, add the following line to your /etc/hosts file. The first user created is often the admin account. This writeup will help you solve the Sustah box on TryHackMe. Now edit that token to the one in the task. As you can see, identity is replaced with 0. Go to Storage -> Local Storage and notice the access token. Navigate to :5000, type in user and user, and press Go. You can use CyberChef to decode and encode. Read all that is in the task and follow along. 4.1 Use the same method to find identity of admin user and retrieve the flag?
Register as arthur with a space before the username. And again login with the username “ arthur” to see the flag. Go to the login screen and login with the created user “ darren” and the password we just typed. 3.2 What is the flag that you found in arthur’s account? Register darren with a space before darren as username. Once you notice a change in Length, try that password to login. 3.1 What is the flag that you found in darren’s account? Now back to Burp Suite and change jack for mike. Back to the Payloads. Once you are logged in you will see the flag for jack. Now turn off intercept in Burp and try this password to login. Once the list is loaded, press Start Attack and notice the difference in Length. Navigate to Payloads and load up a password list. Now select Fillinpassword and click on Add. In Intruder click on Clear (right side). Type in the name jack and just give it a random password. Back to Burp Suite and send the request to Intruder. If you want to know how to configure this, then follow this guide here: Configure Burpsuite with Firefox – The Dutch Hacker. Now navigate to MACHINE_IP:8888 and turn on Burp with FoxyProxy. Read all that is in this task, start the attached machine and press complete. Make connection with VPN or use the AttackBox on the TryHackMe site to connect to the TryHackMe lab environment. This is the write-up for the room Authenticate on TryHackMe and it is part of the Web Fundamentals Path.