0xploit.com

MD2PDF TRYHACKME CIF

Room link: click here
First, log in to TryHackMe and download the configuration file from the access page below.

If you have not already installed OpenVPN on your computer, you can install it by typing the following command (Linux users need sudo):

Once you have installed OpenVPN on your computer, go to the directory containing this configuration file and enter the following command:

It will start connecting, and when the terminal shows that the sequence is complete, as in the message in Figure 1.4, your VPN is connected to the TryHackMe network.

-p- : You can specify “-p-” to scan ports from 1 to 65535.

You can use various other parameters to identify which services run on which ports. That’s entirely up to you.

When we access port 80 through the browser, we see a field where we can enter any input. I think this website converts the input to PDF format.
When we access port 5000 through the browser, we see a similar structure, but it doesn’t work…

We can use Gobuster to enumerate directories and learn more about ports 80 and 5000. You can also use other tools such as DirBuster and dirb for this step. Your choice…

Gobuster is a tool used to brute force URIs including directories and files as well as DNS subdomains.

Uses directory/file enumeration mode.
: We can use the “ ” option to specify the target domain or subdomain you want to dig into for hidden directories and files.
Path to the word list.


Looking at the results, we see that the admin directory exists for both. However, when we try to access it, we get an HTTP 403 Forbidden error.

HTTP 403 is an HTTP status code that means access to the requested resource is denied.

When we investigate the error, we realize that these pages are only accessible internally.

So far we have run into some errors, and rest assured that these errors will lead us to the result.
Now let’s go back and do some basic tests in the input field. I think we can start by typing “Hello World!”.

Before we start testing, let me explain what HTML Injection is.

HTML Injection is an attack that is similar to Cross-site Scripting (XSS). While an XSS vulnerability allows an attacker to inject and execute JavaScript code, an HTML injection attack allows only certain HTML tags to be injected. When the application does not properly process user-supplied data, an attacker can supply valid HTML, usually via a parameter value, and inject their own content into the page.

Let’s write some basic HTML code and see what happens as a result.

Yes, it worked. So what can we do next?

Remember the first bug we ran into? I have a feeling we’re thinking the same thing. Maybe we can get there via HTML. Let’s try it!

An IFrame, also known as an Inline Frame, is an element that loads another HTML document inside a web page. IFrames are commonly used to embed specific content such as external advertisements, videos, tags or other interactive elements on a page.

src: Specifies the address of the document to be inserted into the <iframe>.

Great! This way we can see what’s inside.

So we can apply the same logic to the admin directory. Are you as excited as I am? Uhhh.

Incredible! My friend, we did it. by MD2PDF
What is the flag?
Congratulations, you found the flag! Say goodbye.


The information provided by me, MD2PDF, is for educational and informational purposes only. While I strive to provide accurate and up-to-date information, I make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the information, products, services, or related graphics contained in this communication for any purpose.
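The walkthrough works because the converter passes user-supplied HTML to the PDF renderer unchanged, so an embedded frame is fetched from the server's own network position. As an added example (not part of the original post and not the room's code), here is an allow-list sanitizer a converter could run on the HTML before rendering; the tag list, the function names and the sample input are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: the formatting tags a Markdown-to-PDF page needs. None of them
# makes the renderer fetch a URL, unlike iframe, img, object, embed or link.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "code", "pre",
                "h1", "h2", "h3", "ul", "ol", "li", "blockquote"}
DROP_WITH_CONTENT = {"script", "style"}  # the text inside is discarded too


class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip += 1
            self.removed.append(tag)
        elif tag not in ALLOWED_TAGS:
            self.removed.append(tag)          # e.g. iframe: the tag is dropped
        elif not self._skip:
            self.out.append(f"<{tag}>")       # attributes are never copied

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._skip = max(0, self._skip - 1)
        elif tag in ALLOWED_TAGS and not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data))     # text is re-escaped on output


def sanitize(fragment):
    """Return (safe_html, removed_tags) for HTML produced from user input."""
    parser = AllowListSanitizer()
    parser.feed(fragment)
    parser.close()                            # flush buffered trailing text
    return "".join(parser.out), parser.removed


if __name__ == "__main__":
    # Constructed sample; internal.example is a placeholder host.
    sample = ('<h1>Report</h1><iframe src="http://internal.example/admin">'
              '</iframe><p onclick="x()">Hello World!</p>')
    safe, removed = sanitize(sample)
    print(safe)
    print("removed:", removed)
```

Sanitizing the input is one layer only: an admin page that authorizes requests purely by where they come from remains reachable by anything running on the same host, so it should require authentication as well.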