[Day 3] Christmas Blackout

{Web Exploitation = Content Discovery}


Last updated 3 years ago


Challenge

Accessing the site reveals a login form as shown below.

Since there was no attack vector via the main page, I scanned the web directory for hidden directories with the command below.

gobuster dir -u http://10.10.11.109/ -e -w /usr/share/wordlists/dirb/common.txt -t 100 -x .php,.txt,.html,.cnf,.conf | tee gobuster.log

While running that, I noticed a URL 10.10.11.109/admin with a redirect status code.
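From the defender's side, a wordlist scan like the one above leaves a distinctive trace in the web server access log: a burst of requests to many distinct paths from one source, most of them answered 404, and (unless the operator changes it) a User-Agent that names the tool. The Python below is an added example and not part of the original writeup; it runs over constructed combined-format log lines, with the scanner address 10.10.14.5, the paths and the second client all made up, and reports per source what the scan found (the non-404 paths, here the /admin redirect).

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format; regex written for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
SCANNER_UA_MARKERS = ("gobuster", "dirb", "ffuf", "feroxbuster")

SAMPLE_LOG = [  # constructed lines; 10.10.14.5 is a made-up scanner source, 192.0.2.10 a normal client
    '10.10.14.5 - - [03/Dec/2021:10:00:01 +0000] "GET /admin HTTP/1.1" 301 162 "-" "gobuster/3.1.0"',
    '10.10.14.5 - - [03/Dec/2021:10:00:01 +0000] "GET /backup.php HTTP/1.1" 404 196 "-" "gobuster/3.1.0"',
    '10.10.14.5 - - [03/Dec/2021:10:00:01 +0000] "GET /config.cnf HTTP/1.1" 404 196 "-" "gobuster/3.1.0"',
    '10.10.14.5 - - [03/Dec/2021:10:00:02 +0000] "GET /test.txt HTTP/1.1" 404 196 "-" "gobuster/3.1.0"',
    '10.10.14.5 - - [03/Dec/2021:10:00:02 +0000] "GET /old.html HTTP/1.1" 404 196 "-" "gobuster/3.1.0"',
    '10.10.14.5 - - [03/Dec/2021:10:00:02 +0000] "GET /uploads HTTP/1.1" 404 196 "-" "gobuster/3.1.0"',
    '192.0.2.10 - - [03/Dec/2021:10:00:05 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Dec/2021:10:00:07 +0000] "GET /style.css HTTP/1.1" 200 2211 "-" "Mozilla/5.0"',
]

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def detect_content_discovery(lines, min_requests=5, max_window_s=60, min_404_ratio=0.8):
    """Flag source IPs whose traffic looks like a wordlist scan: a known scanner User-Agent, or a
    burst of >= min_requests within max_window_s with >= min_404_ratio answered 404.
    "hits" lists the non-404 paths per flagged IP, i.e. what the scan actually discovered."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in by_ip.items():
        total, not_found = len(recs), sum(r["status"] == 404 for r in recs)
        span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
        ua_hit = any(mk in r["ua"].lower() for r in recs for mk in SCANNER_UA_MARKERS)
        bursty = total >= min_requests and span <= max_window_s and not_found / total >= min_404_ratio
        if ua_hit or bursty:
            alerts[ip] = {"requests": total, "not_found_ratio": round(not_found / total, 2), "span_s": span,
                          "ua_hit": ua_hit, "hits": sorted({r["path"] for r in recs if r["status"] != 404})}
    return alerts
```

The 404-ratio rule still fires when the User-Agent is rewritten to look like a browser or curl, so the detector does not depend on the tool announcing itself.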

Using a common wordlist for discovering content, enumerate http://10.10.11.109 to find the location of the administrator dashboard. What is the name of the folder?

  • admin

10.10.11.109/admin/ returned the following.

Trying administrator:administrator logged me into the admin portal and revealed the flag!

In your web browser, try some default credentials on the newly discovered login form for the "administrator" user. What is the password?

  • administrator

Access the admin panel. What is the value of the flag?

  • THM{ADM1N_*****}
