InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…

Follow publication

Lesson Learned? Tryhackme Machine Writeup

Lesson Learned? is an easy level CTF room made by TryHackMe | Tib3rius. Machine link:

TryHackMe | Lesson Learned?

On starting the machine, I got a <MACHINE_IP>. I tried using nmap to scan for the ports and it confirmed that only port 80 and 22 were working.

nmap scan

I tried using gobuster to find out any hidden files or directories, but didn’t get anything special.

gobuster scan

On opening the website in the browser, there is a simple login page:

Login Page

I used the whatweb tool to see what all web technologies are being used in this website. You can use wappalyzer for this as well.

If you want to install whatweb, run the following command in your terminal:

sudo apt install whatweb
whatweb tool results

So, I tried the default credentials admin:admin, but got a message saying “Invalid username or password”.

So, I thought of trying SQL Injection payloads.

payloadbox/sql-injection-payload-list: 🎯 SQL Injection Payload List (github.com)

On trying payload:’ OR 1=1-- - , we get:

According to this error message, to bypass the login page I need only one record from the users table. So, I had to get at least one correct username.

So, after terminating and starting the machine again (as the error message says the flag is deleted and we have to reset the box), I tried to use hydra for brute-forcing and get the valid usernames.

hydra -L /usr/share/wordlists/SecLists/Usernames/xato-net-10-million-usernames.txt -p rockyou <MACHINE_IP> http-post-form "/:username=^USER^&password=^PASS^:Invalid username and password."

I tried using the username ‘martin’ and got an error message as:

So, now I got a valid username: martin.

So, I crafted a payload: martin’; -- -

On passing this payload on the username field:

Sign up to discover human stories that deepen your understanding of the world.

Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Written by Vedant Pillai

As a passionate cyber security student,I'm dedicated to mastering the art of cyber security. I am currently pursuing my BTech in Computer Engineering from KJSIT

No responses yet

Write a response