📓
Pentesting
  • Writeups
  • HackTheBox
    • Easy Machines
      • Beep Writeup
      • Shocker Writeup
      • Lame Writeup
      • Jerry Writeup
      • Legacy Writeup
      • Blue Writeup
  • TryHackMe
    • Walkthroughs: Easy
      • CC: Steganography
      • Cryptography for Dummies
      • Cross-site Scripting
      • SQL Injection Lab
      • SQL Injection
      • ZTH: Web 2
      • SSRF
      • XXE
      • Authenticate
      • Injection
      • Blaster
      • The Cod Caper
      • Hardening Basics Part 1
      • What the Shell?
      • Game Zone
      • Upload Vulnerabilities
      • Bolt
      • Erit Securus 1
      • CC: Pentesting
      • JavaScript Basics
      • OverPass 2 - Hacked
      • Linux: Local Enumeration
      • Ice
      • Linux Backdoors
      • Avengers Blog
      • DNS in Detail
      • Putting it all together
      • Kenobi
      • Common Linux Privesc
      • Network Services 2
      • Network Services
      • The Hacker Methodology
      • The Find command
      • HTTP in Detail
      • Web Fundamentals
      • How Websites Work
      • Introductory Networking
    • Challenges (CTF): Easy
      • VulNet: Roasted
      • VulNet: Internal
      • Git Happens
      • Kiba
      • VulNet: Node
      • Memory Forensics
      • Smag Grotto
      • Investigating Windows
      • Cat Pictures
      • Juicy Details
      • Anthem
      • Tony The Tiger
      • Jack-of-All-Trades
      • JPGChat
      • Blueprint
      • All in One
      • Gotta Catch'em All
      • Mustacchio
      • Break Out The Cage
      • HeartBleed
      • Poster
      • Madness
      • Source
      • Thompson
      • Library
      • Magician
      • Anonforce
      • Dav
      • GLITCH
      • Fowsniff CTF
      • Team
      • H4cked
      • Easy Peasy
      • ColddBox: Easy
      • Archangel
      • Cyborg
      • Chocolate Factory
      • Brute It
      • Year of the Rabbit
      • ChillHack
      • Gaming Server
      • Brooklyn Nine Nine
      • Wgel CTF
      • Tomghost
      • ToolsRus
      • Skynet
      • Startup
      • Agent Sudo
      • Lian-Yu
      • OhSINT
      • Overpass
      • Crack The Hash
      • Ignite
      • Inclusion
      • Bounty Hunter
      • LazyAdmin
      • RootMe
      • Pickle Rick
      • Basic Pentesting
      • Simple CTF
  • Crackmes.one
    • 1 Difficulty Rating
      • easyAF
      • Easy Keyg3nme
      • Random
Powered by GitBook
On this page
  • Website Analysis
  • Spot The Flags
  • Final Stage

Was this helpful?

  1. TryHackMe
  2. Challenges (CTF): Easy

Anthem

PreviousJuicy DetailsNextTony The Tiger

Last updated 3 years ago

Was this helpful?

Website Analysis

Lets run nmap scans to find open pots and services

Lets visit the webserver

Looking at the articles, we have a poem and it looks like the admin wrote this, so lets see who wrote this poem

We have a username. Lets check robots.txt as we some interesting information in the nmap scan

Looks like a password, lets save it for later. Looking through the directories, There is a login page on /umbraco

We do not have credentials. We also know that the CMS version this page is using is Umbraco. The domain is on the home page of the webserver. We can find the email of the admin on the We are hiring article.

With this email, we can assume the email format of the admin

Spot The Flags

The first flag can be found on the source code of the We are hiring page.

Now we know that the flag format for the flags are THM{} so we can use Ctrl + F to find flags on a page, lets check if there are any other flags on this page.

We have another file

The third flag can be found in the link that we can click in the source code that will take us to /authors/jane-doe

We can find the fourth flag in the source code of the A cheers to our IT department page.

Now that we have credentials we can login through the login portal that we found earlier

Final Stage

We have nothing of interest so lets login into the Windows machine using remmina. Lets first install the app.

Lets login

We are logged in, lets see the user file on the desktop

Lets open the command prompt

We are not admin on the machine yet, so we need to privesc to admin.

Looking at the hint they gave us, it is supposed to be a hidden file. Lets select the options to look at hidden files/folders on the machine

Now we see a backup folder, which is interesting

Lets check what the folder has

There is a restore.txt file, lets try to read it.

So we do not have permissions. Lets go to Properties > Security > Add and then lets add users so that we can read the file

Now we can read the file

Now lets login as administrator as I think this is the password for admin, lets read the root flag