# \[Day 3] Christmas Blackout ## Challenge Accessing the site reveals a login form as shown below. ![](/files/8wJX9ghsZVK1Q02A5cFQ) Since there was no attack vector via the main page, I scanned the web directory for hidden directories with the command below. ``` gobuster dir -u http://10.10.11.109/ -e -w /usr/share/wordlists/dirb/common.txt -t 100 -x .php,.txt,.html,.cnf,.conf | tee gobuster.log ``` While running that, I noticed a URL `10.10.11.109/admin` with a redirect status code. ![](/files/QheB6tXbSPp9mxZCXWXc) {% hint style="success" %} Using a common wordlist for discovering content, enumerate to find the location of the administrator dashboard. What is the name of the folder? * admin {% endhint %} `10.10.11.109/admin/` returned the following. ![](/files/1CEZCQJaXgEo1m8wj10e) Trying `administrator:administrator` logged me into the admin portal and revealed the flag! {% hint style="success" %} In your web browser, try some default credentials on the newly discovered login form for the "administrator" user. What is the password? * administrator {% endhint %} ![](/files/14Yuso8xfFPGPPum6LCb) {% hint style="success" %} Access the admin panel. What is the value of the flag? * THM{ADM1N\_\*\*\*\*\*} {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://repo.4pfsec.com/tryhackme/advent-of-cyber-3-2021/day-3-christmas-blackout.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.