TryHackMe || Juicy Details Walkthrough

Nihir Zala
3 min read · Mar 20, 2024

Task 2:

1. What tools did the attacker use? (Order by the occurrence in the log)

The command below prints the columns that hold the User-Agent string of each request, which is where the tool names show up:

cat access.log | awk -F " " '{print $12,$13,$14}'
Ans: nmap, hydra, sqlmap, curl, feroxbuster

2. What endpoint was vulnerable to a brute-force attack?

Ans: /rest/user/login

3. What endpoint was vulnerable to SQL injection?

Ans: /rest/products/search

4. What parameter was used for the SQL injection?

Ans: q

5. What endpoint did the attacker try to use to retrieve files? (Include the /)

cat access.log | grep "feroxbuster" | awk -F "/" '{print $4}'
Ans: ftp

Task 3:

1. What section of the website did the attacker use to scrape user email addresses?

Hint: Where can customers usually comment on a shopping website?
Ans: product review

2. Was their brute-force attack successful? If so, what is the timestamp of the successful login? (Yay/Nay, 11/Apr/2021:09:xx:xx +0000)

cat access.log | grep "Hydra"
Ans: Yay, 11/Apr/2021:09:16:31 +0000
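The one-liners in Task 2 and Task 3 above can be turned into reusable checks. The script below is an added example (not part of the original walkthrough) that runs the same User-Agent, login-status and query-parameter analysis over a constructed Apache combined-format log; the sample lines, IP address and timestamps are made up for illustration and are not the room's real access.log.

```shell
#!/usr/bin/env sh
# Constructed sample access.log (combined format); not the room's real data.
SAMPLE_LOG=$(cat <<'EOF'
::ffff:192.168.10.5 - - [11/Apr/2021:09:09:32 +0000] "GET / HTTP/1.1" 200 1924 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
::ffff:192.168.10.5 - - [11/Apr/2021:09:15:10 +0000] "POST /rest/user/login HTTP/1.0" 401 26 "-" "Mozilla/4.0 (Hydra)"
::ffff:192.168.10.5 - - [11/Apr/2021:09:16:31 +0000] "POST /rest/user/login HTTP/1.0" 200 831 "-" "Mozilla/4.0 (Hydra)"
::ffff:192.168.10.5 - - [11/Apr/2021:09:20:14 +0000] "GET /rest/products/search?q=1%27%20OR%201%3D1-- HTTP/1.1" 200 4120 "-" "sqlmap/1.5.2#stable (http://sqlmap.org)"
::ffff:192.168.10.5 - - [11/Apr/2021:09:25:01 +0000] "GET /ftp HTTP/1.1" 200 3890 "-" "curl/7.74.0"
::ffff:192.168.10.5 - - [11/Apr/2021:09:30:45 +0000] "GET /ftp/coupons_2013.md.bak HTTP/1.1" 403 1123 "-" "feroxbuster/2.2.1"
EOF
)

# In combined format the User-Agent is the 6th double-quote-delimited field,
# which is more robust than counting space-separated columns.
user_agents() { printf '%s\n' "$SAMPLE_LOG" | awk -F'"' '{print $6}'; }

# Task 2 Q1: tool names in order of first appearance, keyed on User-Agent keywords.
tools_in_order() {
  user_agents | grep -oiE 'nmap|hydra|sqlmap|curl|feroxbuster' \
    | tr 'A-Z' 'a-z' | awk '!seen[$0]++' | paste -s -d ',' - | sed 's/,/, /g'
}

# Task 3 Q2: timestamp of the first Hydra request to the login endpoint that
# received HTTP 200, i.e. the moment the brute-force attack succeeded.
brute_force_success() {
  printf '%s\n' "$SAMPLE_LOG" | awk -F'"' '
    $6 ~ /Hydra/ && $2 ~ /\/rest\/user\/login/ {
      split($3, resp, " ")                      # $3 is " <status> <bytes> "
      if (resp[1] == "200") {
        match($1, /\[[^]]*\]/)                  # the [timestamp] in the prefix
        print substr($1, RSTART + 1, RLENGTH - 2)
        exit
      }
    }'
}

# Task 2 Q4: query-string parameter names sent by sqlmap, to locate the injection point.
sqlmap_params() {
  printf '%s\n' "$SAMPLE_LOG" | awk -F'"' '$6 ~ /sqlmap/ {print $2}' \
    | grep -oE '\?[^ ]*' | tr '?&' '\n\n' | cut -d= -f1 | grep . | sort -u
}
```

Replace SAMPLE_LOG with `cat access.log` to run the same checks against a real log.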

3. What user information was the attacker able to retrieve from the endpoint vulnerable to SQL injection?

From the previous task we know the SQL injection endpoint was /rest/products/search. Analyzing the log entries for that endpoint shows that the attacker extracted the users' email and password fields.

Ans: email,password

4. What files did they try to download from the vulnerable endpoint? (endpoint from the previous task, question #5)

Following the /ftp endpoint identified in the previous task (question #5), we found that the attacker downloaded backup files (.bak) from the server.

The files are coupons_2013.md.bak and www-data.bak

Ans: coupons_2013.md.bak,www-data.bak

5. What service and account name were used to retrieve files from the previous question? (service, username)

From vsftpd.log we can see that the attacker used FTP with the anonymous account to retrieve the backup files.

Ans: ftp,anonymous

6. What service and username were used to gain shell access to the server? (service, username)

After multiple attempts, the attacker gained shell access to the server over ssh using www-data as the username.

Ans: ssh,www-data

You can follow me on social media:

Twitter, LinkedIn, Instagram & GitHub.
