Anthem
Last updated
This is my write-up for the TryHackMe box known as Anthem located at: .
The first thing I did was run nmap against the IP address. I did this with the following command:
I then got the following as the result:
What port is for the web server? 80
What port is for remote desktop service? 3389
From this point, I went on to browse the webpage to see if there was anything suspicious or standing out for me to use. After browsing around and not finding anything, I decided to run DirBuster on the website:
Although I was getting a lot of information from the DirBuster search, it was the hint for the question which got me further:
My first thought after looking at this was robots.txt, and sure enough when I went to that webpage, I found this:
What is a possible password in one of the pages web crawlers check for? UmbracoIsTheBest!
What CMS is the website using? Umbraco
What is the domain of the website? Anthem.com
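As an added example (not part of the original write-up or the TryHackMe room), here is a small check a site owner could run over their own robots.txt before publishing it. It flags any line that is not a crawler directive, like the password above, and any Disallow path that names the CMS. The sample file, the `audit_robots` function and the `CMS_HINTS` table are assumptions constructed for illustration.

```python
# Directive names commonly seen in robots.txt files.
KNOWN_FIELDS = {"user-agent", "disallow", "allow", "sitemap", "crawl-delay", "host"}

# Hypothetical mapping of path prefixes to the product they give away.
CMS_HINTS = {"/umbraco": "Umbraco", "/wp-admin": "WordPress", "/administrator": "Joomla"}

# Constructed sample modelled on what the write-up describes: a stray
# secret-looking line plus a Disallow entry that reveals the CMS.
SAMPLE = """\
UmbracoIsTheBest!

User-agent: *
Disallow: /bin/
Disallow: /umbraco/
"""


def audit_robots(text):
    """Return (line number, finding type, detail) tuples for a robots.txt body."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop comments and surrounding whitespace; skip empty lines.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        field, sep, value = line.partition(":")
        name = field.strip().lower()
        # Anything that is not "known-field: value" has no business in the
        # file and is readable by every visitor, so report it verbatim.
        if not sep or name not in KNOWN_FIELDS:
            findings.append((lineno, "stray-text", line))
            continue
        # Path rules can disclose which product runs the site.
        if name in ("disallow", "allow"):
            path = value.strip().lower()
            for prefix, product in CMS_HINTS.items():
                if path.startswith(prefix):
                    findings.append((lineno, "cms-disclosure", product))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit_robots(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```
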
Instead of searching about this online, I realized that I might have heard this before in reference to Solomon Grundy (maybe in regards to Comics?). I tried it and it worked as the answer!
What's the name of the Administrator? Solomon Grundy
Using the hint from TryHackMe, I realized that I had to find the naming scheme for the email. I then found this:
Can we find the email address of the administrator? SG@anthem.com
For Flag 2, I just found it on source of the main page:
For Flag 3, I was looking around on different pages, and ended up finding it on the site: <IP_address>/authors/jane-doe:
For Flag 4, I then found it following the same steps as Flag 1:
After I entered the password, I then saw the following:
I opened the user.txt file, and got the following:
Gain initial access to the machine, what is the contents of user.txt? THM{N00T_NO0T}
I was then able to see the hidden folder:
I was unable to view the file, because I did not have permissions. I then changed the permissions to be for SG:
I was then able to view the file:
Can we spot the admin password? ChangeMeBaby1MoreTime
I did not have any idea about how to get root on a Windows machine. I then viewed the same previous write-up and noticed that we have the admin password. So we can use PowerShell at an admin level. I then got into the Desktop folder of the root and got the flag:
This is one of my first 5 Windows machines that I have learned to work on. I did learn a lot, from making sure to look for hidden folders to how to spot flags using BurpSuite. It was a great box. It took me about 3 hours to complete. A lot of that had to do with my lack of knowledge in Windows exploitation. In addition, enumerating took me a while, since some searches were taking a long time, so I had to go find an alternative.
For the previous question, I took a look at , which made me realize that Umbraco was a CMS all along. As for the next question, a quick glance at the main page can show you what the domain name is:
I was having a hard time trying to find the admin of the website. I looked all around the website, looking through the JavaScript and HTML, and was not able to find anything. I then to see where I went wrong. I had to look more closely at the "poem" on one of the pages:
I had to use the hint for the first flag. The hint was "Have we inspected the pages yet?", and then I tried to go off of that, and got nowhere. I then viewed and noticed that the author used BurpSuite. I realized that I would try to do the same. I then found the flag:
We have to figure out the username and password for the box. My first thought was to make a name list based on the names I saw on the website. I looked at the other port, other than 80, and it was 3389. Port 3389 was used for RDP, also known as Remote Desktop Protocol. I then had to find software to get access to the desktop of the machine. I found out about , and used it. As for the username, I viewed and realized that the username would be SG. It took me a while to get the password, which was from the first section of the machine: UmbracoIsTheBest! I then used that information to log in using the command:
After I was lost for a while trying to find an answer to the next question, I viewed , and noticed that a folder was hidden in the C:\ drive. In order to view it, you had to change the settings to view the hidden folder: