TryHackMe Avengers Blog Writeup

Avengers Blog (https://tryhackme.com/room/avengers) is a new room by TryHackMe. The room covers cookie and HTTP header inspection, SQL injection and command injection: the tasks are to enumerate the machine, bypass the login page with SQL injection and gain root access through command injection.


Let us get started.

[Task 2] Cookies

Task 2 is to find flag 1 in a cookie value. As we know from the Nmap scan, there is a website running on port 80, so let us browse the website and find the flag.

The Website:

To find the cookie as the task asks, I just used Inspect Element in Firefox (the Storage tab lists the cookies set for the site) and found flag 1 there.

[Task 3] HTTP Headers

So flag 1 is down, let us move forward. The next task is to find flag 2 in the HTTP response headers. You can complete this task with Inspect Element as well: the request and response headers are shown in the Network tab of the developer tools. If the tab is blank, reload the page while the tools are open so the request is captured.
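The same two checks done without a browser, as an added example that is not part of the original writeup: pull every Set-Cookie value (Task 2) and every non-standard response header (Task 3) out of a raw HTTP response. The response text below is constructed for the example, and the cookie name flag1 and the X-Example-Header name are placeholders, not the room's real values. To use it against the target, paste the output of `curl -si http://<target>/` in place of SAMPLE_RESPONSE.

```python
# Added example, not code from the original writeup: parse a raw HTTP
# response the way the Network tab shows it and pull out the cookies and
# any unusual response headers. SAMPLE_RESPONSE is constructed; the cookie
# and header names are placeholders, not the real flags from the room.
from http.cookies import SimpleCookie

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: flag1=example_cookie_value; Path=/\r\n"
    "X-Example-Header: example_header_value\r\n"
    "Content-Length: 5\r\n"
    "\r\n"
    "hello"
)

# Headers a web server sends on every response; anything outside this set
# is worth a look, because custom X-* headers are where flags (and leaky
# internal details) tend to sit.
STANDARD_HEADERS = {
    "content-type", "content-length", "date", "server", "connection",
    "set-cookie", "cache-control", "vary", "etag", "last-modified",
    "x-powered-by", "keep-alive", "accept-ranges",
}


def parse_headers(raw: str):
    """Split a raw response into (status_line, [(name, value), ...], body).

    Header names are lower-cased. Duplicate headers such as several
    Set-Cookie lines are kept as separate tuples, not merged.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = lines[0]
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers, body


def cookies_from_response(raw: str) -> dict:
    """Return {cookie_name: cookie_value} from every Set-Cookie header."""
    _, headers, _ = parse_headers(raw)
    jar = {}
    for name, value in headers:
        if name == "set-cookie":
            cookie = SimpleCookie()
            cookie.load(value)  # parses "name=value; attr; attr=..."
            for key, morsel in cookie.items():
                jar[key] = morsel.value
    return jar


def unusual_headers(raw: str) -> dict:
    """Return response headers that are not in STANDARD_HEADERS."""
    _, headers, _ = parse_headers(raw)
    return {name: value for name, value in headers if name not in STANDARD_HEADERS}


if __name__ == "__main__":
    print("cookies:", cookies_from_response(SAMPLE_RESPONSE))
    print("unusual headers:", unusual_headers(SAMPLE_RESPONSE))
```

Note that a cookie flagged HttpOnly is still visible here and in the Network tab; HttpOnly only stops page JavaScript from reading it, which is why checking the raw response rather than document.cookie is the reliable way to see everything the server set.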

[Task 4] Enumeration and FTP

In Task 4 we use Nmap to scan the target machine and gather information about the open ports and the services running on them. To find this flag we need to access the FTP service first, so let us do that. We have been provided with the credentials groot:iamgroot.
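A small helper for this step, added here as an example rather than anything from the room: it reads the open ports out of Nmap's greppable output (the -oG format, e.g. `nmap -sV -oG scan.gnmap <target>`) and, when port 21 is open, logs in to FTP with the room's credentials and lists the directory. The SAMPLE_GNMAP line is constructed for the example; the host 10.10.10.10 and the service versions in it are placeholders, not the real target's.

```python
# Added example, not from the original writeup. Parses an Nmap -oG "Host:"
# line for open ports, then lists an FTP directory with the supplied
# credentials. SAMPLE_GNMAP is constructed; its IP and versions are made up.
import sys
from ftplib import FTP

SAMPLE_GNMAP = (
    "Host: 10.10.10.10 ()\tPorts: 21/open/tcp//ftp//vsftpd/, "
    "22/open/tcp//ssh//OpenSSH/, 80/open/tcp//http//Node.js Express/\t"
    "Ignored State: closed (997)"
)


def parse_gnmap_ports(line: str) -> dict:
    """Return {port: service} for every port marked open in one -oG Host line.

    Each entry in the Ports field is
    port/state/protocol/owner/service/rpc-info/version/ and entries are
    comma-separated; the field is terminated by a tab.
    """
    open_ports = {}
    if "Ports:" not in line:
        return open_ports            # host was up but had no port data
    ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
    for entry in ports_field.split(","):
        fields = entry.strip().split("/")
        if len(fields) >= 5 and fields[1] == "open":
            open_ports[int(fields[0])] = fields[4]
    return open_ports


def ftp_listing(host: str, user: str, password: str, timeout: float = 10) -> list:
    """Log in over FTP and return the file names in the login directory."""
    with FTP() as ftp:
        ftp.connect(host, 21, timeout=timeout)
        ftp.login(user, password)
        return ftp.nlst()


if __name__ == "__main__":
    # Usage: python3 enum_ftp.py <target-ip>   (file name is an assumption)
    ports = parse_gnmap_ports(SAMPLE_GNMAP)
    print("open ports:", ports)
    if len(sys.argv) > 1 and 21 in ports:
        print(ftp_listing(sys.argv[1], "groot", "iamgroot"))
```

Only the parser runs offline; the FTP call needs the live room IP. Once listed, the flag file is retrieved with ftp.retrbinary or, interactively, with the ftp client's get command.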

[Task 5] GoBuster

With three flags in the bucket, let's move on to Task 5: GoBuster. A directory brute-force against the web server turns up the /portal path.

/portal:

The portal login page is vulnerable to SQLi. I logged in to the portal with the simple payload ' or 1=1-- in the username field. After logging in we can see that the portal has a utility which lets us interact directly with Jarvis.
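Why that payload logs you in, shown as an added example (this is not the room's code, whose back end is not visible to us): a login query built by string concatenation next to the same lookup with bound parameters, against an in-memory SQLite table with a made-up admin user and placeholder password.

```python
# Added example, not the portal's own code. Demonstrates the login bypass
# ' or 1=1-- against a query built by concatenation, and shows that the
# parameterized query treats the same input as a literal string.
# The users table and its single row are constructed for the example.
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'S3cretPassw0rd!')")
    db.commit()
    return db


def login_vulnerable(db, username: str, password: str):
    """Concatenates user input straight into the SQL: the injection bug.

    With username = "' or 1=1--" the query becomes
      SELECT username FROM users WHERE username = '' or 1=1--' AND password = '...'
    and everything after -- is a comment, so the first row comes back.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_safe(db, username: str, password: str):
    """Same lookup with bound parameters; the input is data, never SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1--"
    print("vulnerable:", login_vulnerable(db, payload, "anything"))  # admin
    print("safe:      ", login_safe(db, payload, "anything"))        # None
```

One caveat when moving this to a real target: SQLite and PostgreSQL accept -- followed directly by a newline, but MySQL only treats -- as a comment when a space follows it, so ' or 1=1-- (with a trailing space) or ' or 1=1# is the form to try there.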

We can see the flag here:

When we try to read the flag we get the message "The cat command is disallowed!". So let us use the tac command instead of cat.

The tac command:

tac ships with the GNU coreutils on Linux and is available on most Unix-like systems. It is the reverse of cat: it prints each line of a file starting from the last line and ending with the first. So if a text file has 10000 lines, cat prints line 1 through line 10000 while tac prints line 10000, 9999, 9998 and so on down to line 1. The flag is a single line, so it reads the same either way. The lesson for the filter is that a denylist on the word cat blocks nothing else: tac, head, tail, less, strings or any other program that prints a file gets through, as does a quoted spelling such as c""at that the shell still resolves to cat.
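A simulation of the two filter designs, added as an example and not taken from the Jarvis utility (whose source is not shown in the room): a denylist check that rejects any command containing "cat", which is the behaviour we observed, next to an allowlist check that only permits a fixed set of programs and refuses shell metacharacters. A pure-Python tac is included so the reversal can be seen offline; the sample file contents are constructed and the FLAG{example} line is a placeholder.

```python
# Added example, not the room's code. Compares a denylist filter (reject
# commands containing "cat") with an allowlist filter, and includes a
# pure-Python tac to show what the bypass actually prints.
# DENYLIST, ALLOWLIST and SAMPLE_FILE are assumptions made for the example.
import shlex

DENYLIST = ("cat",)
ALLOWLIST = ("ls", "whoami", "id", "uptime")
SHELL_META = set(";|&$`<>(){}")

# Constructed file contents, standing in for the flag file on the target.
SAMPLE_FILE = "line 1\nline 2\nFLAG{example}\n"


def denylist_allows(cmd: str) -> bool:
    """The weak check: refuse only if a banned word appears in the string."""
    return not any(word in cmd for word in DENYLIST)


def allowlist_allows(cmd: str) -> bool:
    """The stronger check: first word must be a known program and the
    command must carry no shell metacharacters that could chain a second one.
    To be effective the caller must also run argv without a shell
    (subprocess.run(argv, shell=False)), or the metacharacter check is the
    only thing standing between the user and /bin/sh."""
    try:
        argv = shlex.split(cmd)
    except ValueError:          # unbalanced quotes
        return False
    if not argv or argv[0] not in ALLOWLIST:
        return False
    return not (SHELL_META & set(cmd))


def tac(text: str) -> str:
    """Pure-Python tac: the lines of text in reverse order, last line first."""
    return "\n".join(reversed(text.splitlines()))


def bypasses(filter_fn, candidates) -> list:
    """Return the candidate commands that a filter lets through."""
    return [c for c in candidates if filter_fn(c)]


if __name__ == "__main__":
    attempts = [
        "cat flag.txt",        # what the utility rejects
        "tac flag.txt",        # the bypass used in the room
        "head flag.txt",       # any other file reader works too
        'c""at flag.txt',      # quoting hides the word from the denylist
        "ls; cat flag.txt",    # chained command
    ]
    print("denylist lets through:", bypasses(denylist_allows, attempts))
    print("allowlist lets through:", bypasses(allowlist_allows, attempts))
    print("tac output:\n" + tac(SAMPLE_FILE))
```

Running it shows the denylist passing every attempt except the literal cat, while the allowlist passes none of them. The denylist also has a false positive problem: a harmless path containing the substring, such as ls /tmp/concat, is rejected.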

Navin

Hey there, I'm Navin, a passionate Info-Sec enthusiast from Bahrain. I started this blog to share my knowledge. I usually write on HackTheBox machines and challenges, cybersecurity-related articles and bug-bounty. If you are an HTB user and like my articles, please respect here: https://www.hackthebox.eu/home/users/profile/68523
