Takeover — TryHackMe Simple Writeup | 2023
2023-2-11 03:35:28 Author: infosecwriteups.com

TryHackMe’s Takeover Simple Walkthrough | Karthikeyan Nagaraj

Room Description:

Hello there,

  • I am the CEO and one of the co-founders of futurevera.thm.
  • In Futurevera, we believe that the future is in space.
  • We do a lot of space research and write blogs about it.
  • We used to help students with space questions, but we are rebuilding our support.

Recently blackhat hackers approached us saying they could take over and are asking us for a big ransom. Please help us to find what they can take over.

Hint: Don’t forget to add the 10.10.218.33 in /etc/hosts for futurevera.thm ; )

Our website is located at https://futurevera.thm

Note:

For this challenge, you don’t need to enumerate subdomains with tools, because we can assume the subdomains, as mentioned in the 4th step.
This applies only to this challenge! Also, some domains won’t work in Chrome; in that case, use Firefox.

Connect to TryHackMe’s VPN and Make sure to add the subdomains to /etc/hosts with the corresponding IP

  1. Nothing found on nmap Enumeration
  2. Nothing was found in the Source code
  3. Subdomain Enumeration through gobuster displays a subdomain portal.futurevera.thm
gobuster vhost -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u futurevera.thm -t 50 --append-domain

4. Make sure to add the subdomain to /etc/hosts before opening

http://portal.futurevera.thm

4. As per the room description, we can assume that there will be 2 subdomains → blog and support

5. Let’s add the subdomain https://blog.futurevera.thm to /etc/hosts and explore it further

# The >> redirection runs in your own shell, not under sudo, so pipe into tee instead
echo "<THM-IP> blog.futurevera.thm" | sudo tee -a /etc/hosts

If you get an error, try the commands below

su
echo "<THM-IP> blog.futurevera.thm" >> /etc/hosts

6. Inspecting Blog doesn’t provide anything useful. So Let’s move to support

7. The room description says that they are rebuilding the support page, so there may be a chance to obtain the flag there

8. By Checking the certificate, we found a domain name

9. On Opening the domain, we’ll get the flag

Flag: flag{beea0d6edfcee06a59b83fb50ae81b2f}
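TLS certificates list the hostnames they cover in the Subject Alternative Name extension, so the certificate check in step 8 amounts to spotting a name there that is not yet mapped in /etc/hosts. The following is an added example, not part of the original writeup: it assumes the name was in that extension, the openssl text excerpt and hosts content are constructed, `san-placeholder` is a made-up name rather than the room's value, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout printed by `openssl x509 -noout -text`.
# The second DNS name is a placeholder, not the value from the room.
CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:support.futurevera.thm, DNS:san-placeholder.support.futurevera.thm, IP Address:10.10.218.33
            X509v3 Basic Constraints:
                CA:FALSE
"""

# Constructed /etc/hosts content using the IP and names from the walkthrough.
HOSTS_TEXT = """\
127.0.0.1 localhost
# TryHackMe
10.10.218.33 futurevera.thm blog.futurevera.thm  # added in step 5
10.10.218.33 support.futurevera.thm
"""

def san_dns_names(cert_text):
    """Return the DNS entries of the Subject Alternative Name section."""
    m = re.search(r"Subject Alternative Name:[^\n]*\n\s*([^\n]+)", cert_text)
    if not m:
        return []
    names = []
    for entry in m.group(1).split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS" and value:  # skip "IP Address:" and other types
            names.append(value.lower())
    return names

def hosts_names(hosts_text):
    """Return every hostname mapped in hosts-file text, ignoring comments."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(f.lower() for f in fields[1:])  # fields[0] is the IP
    return names

def unmapped_sans(cert_text, hosts_text):
    """SAN names with no hosts entry; wildcard entries are skipped."""
    known = hosts_names(hosts_text)
    return [n for n in san_dns_names(cert_text)
            if not n.startswith("*.") and n not in known]

if __name__ == "__main__":
    for name in unmapped_sans(CERT_TEXT, HOSTS_TEXT):
        print("not in /etc/hosts:", name)
```
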

Feel free to ask queries via LinkedIn and to buy me a coffee : )

Thank you for Reading!!

Happy Takeover ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Article source: https://infosecwriteups.com/takeover-tryhackme-simple-writeup-2023-f88ff3ed2578?source=rss----7b722bfd1b8d--bug_bounty