12/29/2023

This is the write-up for the room OWASP Top 10 on TryHackMe.

Connect with the VPN or use the AttackBox on the TryHackMe site to reach the TryHackMe lab environment.

In this room we will learn the following OWASP Top 10 vulnerabilities. Read all that is in those tasks and press complete.

Command Injection

Deploy the attached VM and read all that is in the task.

5.1 What strange text file is in the website root directory?
As this is a reverse shell, type in the command ls in the console and press submit. The answer: drpepper.txt

5.2 How many non-root/non-service/non-daemon users are there?
Enter the command cat /etc/passwd and press submit. Regular user accounts are the entries with a UID of 1000 or higher (root is 0 and the service/daemon accounts use the low UIDs), and a real user will normally also have a home directory under /home/$Username. There are none here. Answer: 0

Type in the command whoami. Answer: www-data

Type in cat /etc/passwd and look for the www-data user. The last field of that line is the user's shell. Answer: /usr/sbin/nologin

Type in the command lsb_release -a. Answer: 18.04.4

5.6 Print out the MOTD.
With the Google search "linux where to find MOTD" we come across this site: How to use the motd file to get Linux users to pay attention | Network World. It tells you all about the MOTD and what it is. For us it is enough to type in the command ls /etc/update-motd.d; this shows all the files that make up the MOTD. Look for 00-header, then cat it to the screen: cat /etc/update-motd.d/00-header. Answer: DR PEPPER

Read all that is in the task, then press complete.

Broken Authentication

Read all that is in the task and deploy the VM attached to this task.

What is the flag that you found in darren's account?
In the last paragraph of the task you will find the answer. Just press register and type in " darren" (with a leading space) as the username, then fill in an email and password. Now log in with the user and password you have created. You will see the flag to copy and paste into the answer box.

What is the flag that you found in arthur's account?
Do the same thing as in the previous question, but with the username " arthur".

Sensitive Data Exposure

Read all that is in the task and press complete.

What is the name of the mentioned directory?
Open the page in a browser of your choice. Navigate to the login page and view the source code.

What file stands out as being likely to contain sensitive data?
Navigate to the directory you found in question one. When navigating to the correct location we can see a file with the extension.

Use the supporting material to access the sensitive data.
Download webapp.db by clicking on it.

What is the password hash of the admin user?
Open up a terminal and type in the sqlite3 commands from the task's supporting material. Make sure you are in the location where webapp.db is. After pressing enter at the last command you will find the answer. Notice the character that ends each command within the sqlite3 program. Copy and paste that hash into the answer field.

Navigate to the hash-cracking site linked in the task, fill in the hash you just found and press Crack Hashes. The password will be in the result field. Copy and paste that in as the answer to the question.

Now that we have the password, go to the login page again and log in with admin and the password that we have found. The flag will be on the first page after you log in.

XML External Entity

Full form of XML? Answer: eXtensible Markup Language

The answers to these questions can all be found in the task.

Can we validate XML documents against a schema? Answer: Yes
Is it compulsory to have an XML prolog in XML documents? Answer: No
How can we specify XML version and encoding in an XML document? Answer: XML Prolog
How do you define a new ELEMENT? Answer: !ELEMENT
How do you define a ROOT element? Answer: !DOCTYPE
How do you define a new ENTITY? Answer: !ENTITY

Try to display your own name using any payload.

What is the name of the user in /etc/passwd?
If we look at the output of the previous question we see one user. Answer: falcon

We know SSH keys are located in the user's home directory, /home/$Username/.ssh/id_rsa; we learned that in the Network Services room on TryHackMe. Answer: /home/falcon/.ssh/id_rsa
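The /etc/passwd questions of the Command Injection task (5.2 and the www-data shell), as an added example that is not part of the write-up: it makes the "which entries are real users" rule explicit instead of eyeballing the file. SAMPLE_PASSWD is constructed to look like an Ubuntu 18.04 passwd file and is not the lab machine's file.

```python
# Added example (not from the write-up): the /etc/passwd checks from task 5.
# SAMPLE_PASSWD is constructed sample data in the shape of an Ubuntu passwd file.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
messagebus:x:103:104::/nonexistent:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

# Shells that refuse interactive logins; an account with one of these is a service account.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Yield one dict per well-formed passwd line (7 colon-separated fields)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed lines instead of crashing on them
        name, _pw, uid, gid, _gecos, home, shell = fields
        yield {"name": name, "uid": int(uid), "gid": int(gid), "home": home, "shell": shell}


def regular_users(text, min_uid=1000):
    """Names of non-root, non-service, non-daemon users (question 5.2).

    Debian/Ubuntu allocate UIDs 0-999 to system accounts and 65534 to nobody,
    so human users have a UID of 1000 or more and a real login shell.
    """
    return [u["name"] for u in parse_passwd(text)
            if min_uid <= u["uid"] < 65534 and u["shell"] not in NOLOGIN_SHELLS]


def shell_of(text, username):
    """The login shell field for one user (the www-data question)."""
    for u in parse_passwd(text):
        if u["name"] == username:
            return u["shell"]
    return None


if __name__ == "__main__":
    print("regular users:", regular_users(SAMPLE_PASSWD))         # []
    print("www-data shell:", shell_of(SAMPLE_PASSWD, "www-data"))  # /usr/sbin/nologin
```

Run it on the real file with `regular_users(open("/etc/passwd").read())`; the UID threshold is the check to adjust on distributions that start human accounts at 500.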
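The " darren" trick in the Broken Authentication task works because registration compares the submitted name byte-for-byte while the rest of the application does not. The model below is an added example, not the lab application's code: the whitespace-trimming lookup in dashboard() is an assumed mechanism that reproduces the behaviour the task describes, and the flag value is constructed. HardenedApp shows the fix, which is to canonicalise the username once and use that form everywhere.

```python
# Added example (not from the write-up): why registering " darren" yields darren's flag,
# and the normalisation that closes it. The app model and flag are constructed.
import unicodedata


class VulnerableApp:
    def __init__(self):
        self.accounts = {}  # username exactly as submitted -> record

    def register(self, username, password, flag=""):
        # Uniqueness is an exact string match, so " darren" is "free" even though darren exists.
        if username in self.accounts:
            return False
        self.accounts[username] = {"password": password, "flag": flag}
        return True

    def login(self, username, password):
        acct = self.accounts.get(username)
        return acct is not None and acct["password"] == password

    def dashboard(self, username):
        # Assumed inconsistency: the page that renders the account trims the name
        # before the lookup, so the " darren" session is shown darren's record.
        return self.accounts.get(username.strip())


def canonical_username(username):
    """Collapse what an attacker varies: Unicode look-alikes (NFKC), edge whitespace, case."""
    return unicodedata.normalize("NFKC", username).strip().casefold()


class HardenedApp(VulnerableApp):
    def register(self, username, password, flag=""):
        key = canonical_username(username)
        # Only accept names already in canonical form, and check uniqueness on that form,
        # so no variant of an existing name can be registered.
        if not key or key != username or key in self.accounts:
            return False
        return super().register(key, password, flag)

    def login(self, username, password):
        return super().login(canonical_username(username), password)

    def dashboard(self, username):
        return self.accounts.get(canonical_username(username))


def attack(app):
    """Replay the task: darren exists, attacker registers ' darren', logs in, opens the dashboard.
    Returns the flag the attacker sees, or None if the app stopped them."""
    app.register("darren", "darrens-real-password", flag="THM{constructed-flag}")
    if not app.register(" darren", "attacker-chosen"):
        return None
    if not app.login(" darren", "attacker-chosen"):
        return None
    record = app.dashboard(" darren")
    return record["flag"] if record else None


if __name__ == "__main__":
    print("vulnerable:", attack(VulnerableApp()))  # THM{constructed-flag}
    print("hardened:", attack(HardenedApp()))      # None
```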
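The sqlite3 steps of the Sensitive Data Exposure task, as an added example that uses Python's standard sqlite3 module instead of the sqlite3 shell. The database, its users table layout and the admin password are constructed here (the lab's webapp.db is not reproduced); list_tables() and columns() return what .tables and PRAGMA table_info give you in the shell, and crack_md5() does offline what the hash-cracking site does.

```python
# Added example (not from the write-up): pull the admin hash out of a SQLite
# database and crack it against a wordlist. The database is constructed in memory.
import hashlib
import sqlite3

CONSTRUCTED_ADMIN_PASSWORD = "correct horse"
CONSTRUCTED_ADMIN_HASH = hashlib.md5(CONSTRUCTED_ADMIN_PASSWORD.encode()).hexdigest()


def build_sample_db():
    """Stand-in for webapp.db: an in-memory database with an assumed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userID TEXT, username TEXT, password TEXT, admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [("1", "admin", CONSTRUCTED_ADMIN_HASH, 1),
         ("2", "bob", hashlib.md5(b"password1").hexdigest(), 0)],
    )
    return conn


def list_tables(conn):
    """Same information as '.tables' in the sqlite3 shell."""
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")
    return [r[0] for r in rows]


def columns(conn, table):
    """Same information as 'PRAGMA table_info(<table>);'. PRAGMA cannot take a bound
    parameter, so only pass names that came back from list_tables()."""
    return [r[1] for r in conn.execute(f"PRAGMA table_info({table})")]


def admin_password_hash(conn):
    """The 'SELECT ... FROM users' step, narrowed to the admin row."""
    row = conn.execute("SELECT password FROM users WHERE username = ?", ("admin",)).fetchone()
    return row[0] if row else None


def guess_hash_type(h):
    """Length-based guess of the unsalted hash type, which picks the cracking mode."""
    by_length = {32: "md5", 40: "sha1", 64: "sha256"}
    is_hex = all(c in "0123456789abcdef" for c in h.lower())
    return by_length.get(len(h)) if is_hex else None


def crack_md5(h, wordlist):
    """Hash each candidate and compare, exactly what an online cracker does with its tables."""
    for word in wordlist:
        if hashlib.md5(word.encode()).hexdigest() == h:
            return word
    return None


if __name__ == "__main__":
    db = build_sample_db()
    print(list_tables(db), columns(db, "users"))
    found = admin_password_hash(db)
    print(found, guess_hash_type(found))
    print(crack_md5(found, ["password", "letmein", "correct horse"]))  # correct horse
```

Against a real file, replace ":memory:" with the path to webapp.db; the rest is unchanged. The 32-hex-digit length is why an unsalted MD5 like the one in the task falls to a lookup table immediately.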
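For the XML External Entity task, an added example (not from the write-up) that builds the two payload shapes the task is about and shows the parser-side check. Python's xml.etree (expat) expands the internal entity in name_payload(), which is the "display your own name" exercise; it does not fetch external entities, so file_read_payload() is only constructed and inspected here. The name and path are placeholders. has_dtd() is a simple pre-parse guard; in production disable DTD processing in the parser (for example with defusedxml) rather than relying on a regex.

```python
# Added example (not from the write-up): XXE payload construction and a DTD guard.
import re
import xml.etree.ElementTree as ET


def name_payload(name):
    """Internal entity: the value sits inline in the DTD, so any parser that
    processes the internal subset substitutes it for &who;."""
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'   # the XML prolog
            '<!DOCTYPE data [\n'                          # root element declaration
            '  <!ELEMENT data ANY>\n'                     # element declaration
            f'  <!ENTITY who "{name}">\n'                 # entity declaration
            ']>\n'
            '<data>&who;</data>')


def file_read_payload(path):
    """External entity: the SYSTEM identifier names a local file; a parser with
    external entity loading enabled returns that file's contents in place of &xxe;."""
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<!DOCTYPE data [\n'
            f'  <!ENTITY xxe SYSTEM "file://{path}">\n'
            ']>\n'
            '<data>&xxe;</data>')


def parse_untrusted(xml_text):
    """Parse as-is and return the root text; internal entities are expanded."""
    return ET.fromstring(xml_text).text


def has_dtd(xml_text):
    """Any DOCTYPE or ENTITY declaration in untrusted input is a red flag:
    applications exchanging data almost never need a DTD."""
    return re.search(r"<!(DOCTYPE|ENTITY)\b", xml_text, re.IGNORECASE) is not None


def parse_hardened(xml_text):
    """Reject documents carrying a DTD before they reach the parser."""
    if has_dtd(xml_text):
        raise ValueError("DTD/entity declarations are not allowed")
    return ET.fromstring(xml_text).text


if __name__ == "__main__":
    print(parse_untrusted(name_payload("Alice")))       # Alice
    print(file_read_payload("/etc/passwd"))
    print(has_dtd(file_read_payload("/etc/passwd")))    # True
```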