TryHackMe’s Takeover Simple Walkthrough | Karthikeyan Nagaraj
Room Description:
Hello there,
- I am the CEO and one of the co-founders of futurevera.thm.
- In Futurevera, we believe that the future is in space.
- We do a lot of space research and write blogs about it.
- We used to help students with space questions, but we are rebuilding our support.
Recently blackhat hackers approached us saying they could take over and are asking us for a big ransom. Please help us to find what they can take over.
Hint: Don’t forget to add 10.10.218.33 to /etc/hosts for futurevera.thm ; )
Our website is located at https://futurevera.thm
Note:
For this challenge, you don’t need to enumerate subdomains with tools, because we can infer the subdomains, as mentioned in step 4. This applies only to this challenge!
Also, some domains won’t work in Chrome. In those cases, use Firefox.
Connect to TryHackMe’s VPN and make sure to add the subdomains to /etc/hosts with the corresponding IP.
1. Nothing found on nmap enumeration
2. Nothing was found in the source code
3. Subdomain enumeration through gobuster displays a subdomain, portal.futurevera.thm
gobuster vhost -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u futurevera.thm -t 50 --append-domain
Make sure to add the subdomain to /etc/hosts before opening it.
4. As per the room description, we can assume that there will be 2 subdomains → blog and support
5. Let’s add the subdomain https://blog.futurevera.thm to /etc/hosts and explore it further
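# With `sudo echo ... >> /etc/hosts` the redirect runs as your own user, so pipe into sudo tee instead
echo "<THM-IP> blog.futurevera.thm" | sudo tee -a /etc/hosts
If you get an error, try the commands below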
su
echo <THM-IP> blog.futurevera.thm >> /etc/hosts
6. Inspecting the blog doesn’t provide anything useful, so let’s move on to support
7. The room description says that they are rebuilding the support page, so there may be a chance to obtain the flag there
8. By Checking the certificate, we found a domain name
9. On Opening the domain, we’ll get the flag
Flag: flag{beea0d6edfcee06a59b83fb50ae81b2f}
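The certificate check in step 8, as an added example that is not part of the original walkthrough: it reads the DNS names from a certificate's subjectAltName extension and reports the ones missing from the hosts you already know, which is how a certificate can disclose a forgotten hostname. The name `placeholder-name.support.futurevera.thm` and the sample bytes are constructed for illustration, and the function names are hypothetical.

```python
import socket
import ssl

SAN_OID = bytes.fromhex("0603551d11")  # DER-encoded OID 2.5.29.17 (subjectAltName)

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def san_dns_names(der):
    """dNSName entries of the SAN extension. Shortcut: finds the extension by
    its OID bytes instead of walking the whole certificate structure."""
    at = der.find(SAN_OID)
    if at < 0:
        return []
    tag, value, pos = _tlv(der, at + len(SAN_OID))
    if tag == 0x01:  # optional BOOLEAN "critical" flag before the OCTET STRING
        tag, value, pos = _tlv(der, pos)
    _, names, _ = _tlv(value, 0)  # OCTET STRING wraps SEQUENCE OF GeneralName
    found, p = [], 0
    while p < len(names):
        t, v, p = _tlv(names, p)
        if t == 0x82:  # context tag [2] = dNSName
            found.append(v.decode("ascii").lower())
    return found

def unlisted_names(der, known_hosts):
    """SAN names that are absent from the hosts you already know about."""
    known = {h.lower() for h in known_hosts}
    return [n for n in san_dns_names(der) if n not in known]

def fetch_der(host, port=443):
    """Fetch the leaf certificate without validation (accepts self-signed), sending SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def sample_extension(names):
    """Constructed sample input: a bare SAN extension, not a real certificate."""
    gn = b"".join(bytes([0x82, len(n)]) + n.encode() for n in names)
    seq = bytes([0x30, len(gn)]) + gn
    body = SAN_OID + bytes([0x04, len(seq)]) + seq
    return bytes([0x30, len(body)]) + body
```

With the VPN connected and the host in /etc/hosts, pass `fetch_der("support.futurevera.thm")` to `unlisted_names` in place of the sample bytes.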
Thank you for Reading!!
Happy Takeover ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng