Anthem[THM]: Writeup

A write-up covering the steps taken to solve the beginner-level CTF room Anthem on the TryHackMe platform.

This blog is written as part of a task for the Masters Certification in Red Team Program from HackerU.

Step 1 : Connect to TryHackMe and start the target machine.

  1. Download the OpenVPN configuration file from the TryHackMe platform.
  2. Connect to TryHackMe by running this command in a Kali terminal:

sudo openvpn /pathtoOVPNfile.ovpn

  3. Start the machine in the 'anthem' room; the target IP address will be displayed in a minute.

Step 2 : Information gathering using Nmap

  1. Start an nmap scan of the target IP:

nmap -A -O <target ip>

nmap result

  2. Run dirbuster against the target IP with the wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Step 3: Detailed Findings

Open Ports:

80 : http

3389 : ms-wbt-server

  1. Accessing port 80

Navigating to different directories revealed the flags below:

  1. Navigate to robots.txt

2. Navigate to:

3. Click on the Categories tab > View source code > found flag 1

4. Click on IT department > View source code > found flag 2

5. Navigate to > View source code, found 3rd flag

6. Navigate to > found 4th flag

7. Navigating to > got a poem

8. The site suggests that the poem's author is the admin, so a Google search for the poem gives the admin's name:

solomon grundy

9. Navigate to /umbraco; the login page is displayed > Try to log in as the admin user found above

Mail id of jane doe is

So, email id of solomon grundy will be and password found in robots.txt

10. Log in over RDP, since port 3389 is open, with the above credentials:

rdesktop -u SG -p UmbracoIsTheBest! <targetIP>

11. Found User.txt on desktop

12. Search for windows> run> Recent files

13. Found the recent.txt file. Change the permissions on recent.txt > Right click > Properties > Security > Edit > Add WIN-LU09229160F\Users > Apply > OK.

14. Go to command prompt and access backup> restore.txt

Found, Administrator password:

15. Navigate to the Administrator folder under C:/Users/Administrator > the user is asked to enter a password; enter the password found in restore.txt

16. After successful login, navigate to Administrator/Desktop > found root.txt
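
The password in step 9 was recoverable because robots.txt carried a line that is not a crawler directive. As an added example (not part of the original write-up), a site owner can lint robots.txt for such lines before publishing. The function name `lint_robots`, the hint list and the sample file, including its placeholder secret, are constructed assumptions and not the room's actual file.

```python
import re

# Fields crawlers understand; any other non-comment line is suspect.
KNOWN = {"user-agent", "disallow", "allow", "sitemap", "crawl-delay", "host"}
# Path fragments that reveal a management interface (assumed list, extend per site).
ADMIN_HINTS = ("umbraco", "admin", "login", "config", "backup")
DIRECTIVE = re.compile(r"^([A-Za-z-]+)\s*:\s*(.*)$")


def lint_robots(text):
    """Return (line_no, kind, detail) findings for a robots.txt body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if not m or m.group(1).lower() not in KNOWN:
            # Free text or an unknown "field: value" pair; world-readable,
            # so a stray note or credential here is effectively published.
            findings.append((no, "non-directive", line))
            continue
        field, value = m.group(1).lower(), m.group(2).strip()
        if field == "disallow" and any(h in value.lower() for h in ADMIN_HINTS):
            # Disallow hides nothing; it only advertises the path.
            findings.append((no, "admin-path-disclosed", value))
    return findings


# Constructed sample; the first line is a placeholder secret.
SAMPLE = """\
PlaceholderSecret123!

# Use for all search robots
User-agent: *

Disallow: /bin/
Disallow: /umbraco/
Sitemap: https://example.invalid/sitemap.xml
"""

if __name__ == "__main__":
    for no, kind, detail in lint_robots(SAMPLE):
        print(f"robots.txt:{no}: {kind}: {detail}")
```

Run as a pre-deploy check and fail the build on any `non-directive` finding; paths reported as `admin-path-disclosed` need access control of their own instead of a Disallow entry.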

With these steps, I was able to answer all the questions posted in the Anthem room on TryHackMe.

Thank you for reading this blog.

