# Avengers Blog

![](/files/-Md-Vrkmma_MpxpporGe)

## Cookies

![](/files/-Md-WZDm2C38QA8nNY2H)

Let's visit the webpage.

![](/files/-Md-WkS_MW9A9PY6bmTr)

Let's look at the cookies in the Storage tab of the browser developer tools (Ctrl + Shift + I).

![](/files/-Md-WwkiAQqP10SmAmYz)

We have the flag.

## HTTP Headers

![](/files/-Md-X2pe-wPaiYbWq9Um)

Let's go to the Network tab, hit reload, and select the option to show only HTTP requests.

![](/files/-Md-XVzEANJQpl6yyk-T)

We have the second flag.

## Enumeration and FTP

![](/files/-Md-XmgRbMxn9wMUcU4r)

Let's run an nmap scan to find open ports and then log in to FTP with the given credentials.

![](/files/-Md-Y7aChe0Df7KNHBP4)

![](/files/-Md-Y9ULczcChahrsGOO)

Let's look at the files on the FTP server.

![](/files/-Md-YKiQ4hzigS6wsRbG)

There is a directory containing the flag, so transfer the file to our machine and read it to get the third flag.

## Gobuster

![](/files/-Md-YYcHBDhxEOlCTyUq)

Let's run gobuster to find hidden files and directories.

![](/files/-Md-Z-BRDwYruQjz-II5)

`/portal` has a login page, so that is the answer for this task.

![](/files/-Md-Z9KSnYAh3s6c2pTG)

## SQL Injection

![](/files/-Md-ZGXx--k3oxWGFIdj)

Let's capture the request using Burp and send it to Repeater.

![](/files/-Md-_Qv6-7DY_LHDnGMy)

Now let's use SQL injection to log in as admin.

![](/files/-Md-_lP3fi6jyYH_8pW9)

![](/files/-Md-_vM5JQmzsLaE0Ilm)

It says found, so now let's send it as a real request in the Proxy tab.

![](/files/-Md-a0EKLMdFcZTmnjSn)

We are logged in. Looking at the source code, there are 223 lines being used, so that is the answer to the question in this task.

![](/files/-Md-aRg9nf9aT1WPLO71)
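
A login bypass like the one in this task is possible when a query is assembled from form input by string concatenation. The Python below is an added example, not part of the original writeup and not the room's own code (which the page does not show): it compares a concatenated login query with a parameterized one on a constructed in-memory SQLite table. The function names, table, credentials and test input are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory user table; the real portal's schema is not shown on the page.
    # Passwords are plaintext only to keep the example short; a real store keeps salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in it changes the query's structure.
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders keep input as data; it is never parsed as SQL.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

# Constructed test input: a tautology that closes the string literal early.
TAUTOLOGY = "' OR '1'='1"

def compare(db):
    # Same input against both implementations, plus a legitimate login as a control.
    return {
        "vulnerable": login_vulnerable(db, TAUTOLOGY, TAUTOLOGY),
        "parameterized": login_parameterized(db, TAUTOLOGY, TAUTOLOGY),
        "valid_login": login_parameterized(db, "admin", "S3cret-constructed"),
    }

if __name__ == "__main__":
    print(compare(make_db()))
```

Keeping an input like `TAUTOLOGY` in the application's test suite gives a regression check that fails if a login query is ever switched back to string building.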

## Remote Code Execution and Linux

![](/files/-Md-a_J8nhOSRdqjUbTC)

We cannot read the file with the **cat** command, so let's use the **tac** command.

![](/files/-Md-b111jn38sRMW6yYB)

