Juicy Details


Last updated 3 years ago


Introduction

Reconnaissance

Let's unzip the files we downloaded.

Let's read the access log.

We have to find what tools the attacker used; we can identify them by looking at the User-Agent headers of the requests in the log.

First we have nmap, then hydra, then sqlmap, and the last two are curl and feroxbuster.

Hydra is the tool used for brute-forcing, so let's see which endpoint they were attacking with Hydra.

To see which endpoint was vulnerable to SQL injection, let's look for the endpoint they attacked with SQLi where the requests were successful.

The parameter used for the SQL injection was q.

The endpoint the attacker tried to use to retrieve flags can be seen at the end of the log file.
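The checks above (which tools were used, which endpoint Hydra hammered, whether the brute force succeeded, and which parameter carried SQL injection) can be done with a short script instead of reading the log by eye. The following is an added example, not code from the room or from this writeup: it parses a handful of constructed Apache combined-format lines (the IP, timestamps and the paths /login, /search, /files/, /backup/ and /administration are made up, as are the tool User-Agent strings, which follow each tool's default format) and answers each question from the parsed entries.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" log format. They are not the
# room's access.log: the IP, timestamps and paths (/login, /search, /files/,
# /backup/, /administration) are made up for this example.
SAMPLE_LOG = """\
10.10.14.7 - - [11/Apr/2021:09:12:01 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.10.14.7 - - [11/Apr/2021:09:15:22 +0000] "POST /login HTTP/1.0" 401 26 "-" "Mozilla/5.0 (Hydra)"
10.10.14.7 - - [11/Apr/2021:09:15:23 +0000] "POST /login HTTP/1.0" 401 26 "-" "Mozilla/5.0 (Hydra)"
10.10.14.7 - - [11/Apr/2021:09:15:24 +0000] "POST /login HTTP/1.0" 200 840 "-" "Mozilla/5.0 (Hydra)"
10.10.14.7 - - [11/Apr/2021:09:15:30 +0000] "GET /administration HTTP/1.1" 200 3120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/78.0"
10.10.14.7 - - [11/Apr/2021:09:20:10 +0000] "GET /search?q=apple HTTP/1.1" 200 512 "-" "sqlmap/1.5 (http://sqlmap.org)"
10.10.14.7 - - [11/Apr/2021:09:20:11 +0000] "GET /search?q=apple%27%20UNION%20SELECT%20email%2Cpassword%20FROM%20users-- HTTP/1.1" 200 5120 "-" "sqlmap/1.5 (http://sqlmap.org)"
10.10.14.7 - - [11/Apr/2021:09:30:40 +0000] "GET /files/ HTTP/1.1" 200 300 "-" "curl/7.74.0"
10.10.14.7 - - [11/Apr/2021:09:31:00 +0000] "GET /backup/ HTTP/1.1" 404 20 "-" "feroxbuster/2.2.1"
"""

# Apache combined format: ip ident user [time] "method target proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Substrings that each tool puts in its default User-Agent header.
TOOL_SIGNATURES = {
    "nmap": "nmap",
    "hydra": "hydra",
    "sqlmap": "sqlmap",
    "curl": "curl/",
    "feroxbuster": "feroxbuster",
}

# Tokens that mark a query value as SQL rather than ordinary search input.
SQLI_RE = re.compile(r"(['\"]|--|\bunion\b|\bselect\b|\bor\b\s+\d+\s*=\s*\d+)", re.IGNORECASE)


def parse_access_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["status"] = int(e["status"])
        parts = urlsplit(e["target"])
        e["path"] = parts.path
        e["params"] = parse_qs(parts.query)  # percent-decodes the values
        entries.append(e)
    return entries


def identify_tool(user_agent):
    """Name of the tool behind a User-Agent string, or None for a normal browser."""
    ua = user_agent.lower()
    for name, marker in TOOL_SIGNATURES.items():
        if marker in ua:
            return name
    return None


def tools_used(entries):
    """Tools seen in the log, in order of first appearance."""
    seen = []
    for e in entries:
        tool = identify_tool(e["ua"])
        if tool and tool not in seen:
            seen.append(tool)
    return seen


def bruteforce_endpoint(entries, tool="hydra"):
    """The path that the brute-forcing tool hit most often."""
    counts = Counter(e["path"] for e in entries if identify_tool(e["ua"]) == tool)
    return counts.most_common(1)[0][0] if counts else None


def bruteforce_success(entries, endpoint, tool="hydra"):
    """First request to the brute-forced endpoint that was not rejected, plus the request after it."""
    for i, e in enumerate(entries):
        if e["path"] == endpoint and identify_tool(e["ua"]) == tool and e["status"] not in (401, 403):
            following = entries[i + 1] if i + 1 < len(entries) else None
            return e, following
    return None, None


def sqli_parameters(entries):
    """Map each query parameter that carried SQL-looking input to the paths it was sent to."""
    hits = {}
    for e in entries:
        for name, values in e["params"].items():
            if any(SQLI_RE.search(v) for v in values):
                hits.setdefault(name, set()).add(e["path"])
    return hits


if __name__ == "__main__":
    entries = parse_access_log(SAMPLE_LOG)
    print("tools:", tools_used(entries))
    print("brute-forced endpoint:", bruteforce_endpoint(entries))
    print("success then:", bruteforce_success(entries, bruteforce_endpoint(entries))[1]["path"])
    print("SQLi parameters:", sqli_parameters(entries))
```

The success check mirrors the reasoning in the writeup: a run of 401 responses to the same endpoint from the brute-forcing tool, then one non-rejected response, and the very next request lands on the admin page. On a real log, sort the entries by timestamp first and group by client IP before applying these checks, since the sample keeps a single attacker in order.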

Stolen Data

The section of the website the attacker used to scrape user email addresses can be seen in the log file. Email addresses do not normally appear on every page, but they do appear where people leave reviews.

Their brute-force attack was successful, as we can see in the logs.

We know it was successful because, after that request, the attacker was sent to the admin page.

Looking at the last request of sqlmap, we can see that they were able to retrieve the email and password.

The files they tried to download can be found at the end of the logs.

To find the service and account name that were used, we need to look at the service's own log file, which is vsftpd.log.

The service is FTP and the account name is anonymous.

To see the username and service that were used to gain shell access to the server, we need to look at the authentication log, which is auth.log.

The service is SSH and the username they were logged in as is www-data.
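The last two answers come from two different log formats: vsftpd's own log records each login and transfer with the account name in brackets, and sshd writes an "Accepted ... for <user>" line to auth.log for every successful login. The following is an added example, not code from the room or from this writeup, that pulls both answers out of constructed sample lines. The lines mimic the default vsftpd log format and the sshd lines found in auth.log, but the hostname "juicy", the client IP, the timestamps, the account "ftpuser" and the file names are made up for the example.

```python
import re

# Constructed sample lines in the default vsftpd log format (not the room's
# vsftpd.log). The client IP, timestamps, "ftpuser" and the file names are made up.
VSFTPD_LOG = """\
Sun Apr 11 09:40:02 2021 [pid 2] CONNECT: Client "10.10.14.7"
Sun Apr 11 09:40:05 2021 [pid 1] [anonymous] OK LOGIN: Client "10.10.14.7"
Sun Apr 11 09:40:20 2021 [pid 3] [anonymous] OK DOWNLOAD: Client "10.10.14.7", "/ftp/backup.zip", 10240 bytes, 512.00Kbyte/sec
Sun Apr 11 09:40:35 2021 [pid 3] [anonymous] OK DOWNLOAD: Client "10.10.14.7", "/ftp/notes.txt", 300 bytes, 30.00Kbyte/sec
Sun Apr 11 09:41:00 2021 [pid 1] [ftpuser] FAIL LOGIN: Client "10.10.14.7"
"""

# Constructed sshd lines in auth.log syslog format (not the room's auth.log).
# The hostname "juicy" is made up.
AUTH_LOG = """\
Apr 11 09:50:01 juicy sshd[1500]: Failed password for invalid user admin from 10.10.14.7 port 50122 ssh2
Apr 11 09:50:10 juicy sshd[1502]: Accepted password for www-data from 10.10.14.7 port 50130 ssh2
Apr 11 09:50:10 juicy sshd[1502]: pam_unix(sshd:session): session opened for user www-data by (uid=0)
"""

# vsftpd: <date> [pid N] [<user>] OK|FAIL <ACTION>: Client "<ip>"[, "<path>", ...]
# The user and result fields are absent on CONNECT lines, so both are optional.
VSFTPD_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) \[pid \d+\] '
    r'(?:\[(?P<user>[^\]]+)\] )?(?:(?P<result>OK|FAIL) )?(?P<action>[A-Z]+): '
    r'Client "(?P<client>[^"]+)"(?:, "(?P<path>[^"]+)")?'
)

# sshd: Accepted|Failed <method> for [invalid user ]<user> from <ip> port <port> ssh2
SSHD_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?'
    r'(?P<user>\S+) from (?P<ip>\S+) port \d+'
)


def parse_vsftpd(text):
    """One dict per vsftpd line; lines in another format are skipped."""
    return [m.groupdict() for m in (VSFTPD_RE.match(l) for l in text.splitlines()) if m]


def ftp_logins(events):
    """Account names that logged in successfully, in order of first success."""
    users = []
    for e in events:
        if e["action"] == "LOGIN" and e["result"] == "OK" and e["user"] not in users:
            users.append(e["user"])
    return users


def ftp_transfers(events, action="DOWNLOAD"):
    """(account, path) for every completed transfer of the given kind."""
    return [(e["user"], e["path"]) for e in events if e["action"] == action and e["result"] == "OK"]


def parse_sshd(text):
    """One dict per sshd authentication line; session/pam lines are skipped."""
    return [m.groupdict() for m in (SSHD_RE.match(l) for l in text.splitlines()) if m]


def shell_logins(events):
    """(username, auth method, client IP) for every accepted SSH login."""
    return [(e["user"], e["method"], e["ip"]) for e in events if e["result"] == "Accepted"]


def failed_logins(events):
    """(username, client IP) for every rejected SSH attempt."""
    return [(e["user"], e["ip"]) for e in events if e["result"] == "Failed"]


if __name__ == "__main__":
    ftp = parse_vsftpd(VSFTPD_LOG)
    print("FTP accounts that logged in:", ftp_logins(ftp))
    print("FTP downloads:", ftp_transfers(ftp))
    ssh = parse_sshd(AUTH_LOG)
    print("SSH shell logins:", shell_logins(ssh))
    print("SSH failures:", failed_logins(ssh))
```

Running it on the sample reports anonymous as the only FTP account that logged in, the two downloaded paths, and www-data as the user whose SSH login was accepted, which is the same pair of answers the writeup reads off the real logs. The "invalid user" prefix on failed sshd lines is handled in the regex, so failed guesses against non-existent accounts are not dropped.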