Avengers Blog Tryhackme Writeup

Thatquietkid
Apr 28, 2021

Link to the TryHackMe room: https://tryhackme.com/room/avengers

This is a fairly easy room.

So let's dive right into answering all the questions.

Task 2: Cookies

You can view the cookies by right-clicking on the page, choosing Inspect Element, and opening the Storage tab.

Task 3: HTTP Headers

For this, we again right-click on the page and choose Inspect Element; the answer is in the Network tab (see the image below).

Task 4: Enumeration and FTP

First of all, we will do a port scan using nmap.

Command: nmap -A -T4 <IP Of The Machine>

-A: aggressive scan (does OS and version detection)

-T4: sets the speed (T1-T5 is the range)

3 ports were open:

  1. FTP (port 21)
  2. SSH (port 22)
  3. HTTP (port 80)

We have been given the username and password for the FTP share (username: groot, password: iamgroot).

Command: ftp <IP of the machine>

It will then ask for the username and password. After logging in we see a files folder; cd into it, and there is flag3.txt, which you can download to your machine using the get command (see the image below).

Task 5: GoBuster

Directory bruteforcing using gobuster.

Command: gobuster dir -u http://IP/ -w /path_to_the_wordlist/wordlist.txt

You will find the name of the directory.

Task 6: SQL Injection

Going to the directory, we see a login page, and it has a SQLi vulnerability.

Paste this in username and password: ' or 1=1 --

This turns the condition of the SQL query into either a username match or 1=1, and 1=1 is always true.

The answer for how many lines of code are there on the avengers site.

Task7: Remote Code Execution and Linux

We see that we can execute some commands on the page, but we can't use cat to view flag5.txt.

I viewed the hint for this (What Linux command can read a file content in reverse?).

I searched on Google and found that tac is the command that can display the content in reverse.

Command: cd ../; tac flag5.txt

So I have answered all the questions here. Thank you for reading my writeup, and have a nice day.
