Avengers Blog — THM

|Write-up|

Bat_09
Aug 16, 2021

This machine is Avengers-themed. Connect to the TryHackMe network and deploy the machine.

Head to the web view of the machine; there are some conversations between fellow Avengers. Let’s enumerate the machine using Nmap:

sudo nmap -A <target_ip>

The results show three open ports. Now on to the tasks.

Task 2 Cookies

To get flag1, inspect the webpage and open the Storage tab, where you can read the cookie value.

Task 3 HTTP Headers

Intercept the request in Burp Suite and look it up in the HTTP history tab. There we can see the Response Headers column, as shown in the snap above; open it to get flag2.

Task 4 Enumeration and FTP

We have already enumerated open ports and services using Nmap. Let’s log in to FTP using groot’s credentials mentioned in the comments of the webpage.

Download the flag3 file to your machine using the mget command, and we have flag3!

Task 5 GoBuster

Use gobuster for directory enumeration:

sudo gobuster dir -u http://<target_ip>/ -w /usr/share/wordlists/dirb/common.txt --wildcard php

This gives us the directory name for accessing the login page.

Task 6 SQL Injection

Here we need to bypass the login page using SQL injection. I tried admin' or 1=1 -- and similar payloads but didn’t have any luck; the hint mentions the payload ' or 1=1 -- for both username and password, and using this I logged in successfully and got the Jarvis panel! View the number of lines in the source code (Ctrl+U).
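Why that payload logs in, and what stops it, shown as an added example that is not part of the original write-up or the room's code. The table, credentials and query shape are assumptions, run against an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data: an in-memory users table standing in for the
# login backend (schema and names are assumptions, not taken from the room).
# The password is stored in plaintext only to keep the example short.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'S3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in the input ends the
    # string literal and everything after it is parsed as SQL.
    query = ("SELECT id FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders keep the input as data; the statement's structure is fixed.
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

PAYLOAD = "' or 1=1 --"  # the string quoted in the write-up

def compare(username, password):
    """Return (vulnerable_result, parameterized_result) for one login attempt."""
    db = make_db()
    try:
        return (login_vulnerable(db, username, password),
                login_parameterized(db, username, password))
    finally:
        db.close()

if __name__ == "__main__":
    attempts = [("admin", "S3cret-constructed"), ("admin", "wrong"), (PAYLOAD, PAYLOAD)]
    for user, pw in attempts:
        print(repr(user), compare(user, pw))
```

In the concatenated query the payload closes the username literal, adds an always-true condition, and comments out the password check; the parameterized query compares the same string against the stored username and finds no match.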

Task 7 Remote Code Execution and Linux

We can execute commands in the Jarvis panel. Let’s access flag5 using this. The cat command is not allowed in this panel! Well, there are other ways to print file contents!

cd ../; less flag5.txt

With this we have all the flags and have completed the tasks!

Thank You!!👻

Happy H@cking🦇
