There are 5 flags in this machine to discover.

IP Address: 10.10.230.20

Network Scanning

After booting up the target machine from the TryHackMe: Adventure Time CTF page, an IP will be assigned to the machine and will be visible on that page as well.

We will start an nmap scan with -sV to perform a version scan on the target machine. We have a bunch of services running on the target machine. We will take a look at the Unknown service in a bit. We cannot enumerate the FTP service and the SSH service since we lack the credentials for both. That leaves us HTTP, HTTPS, and the Unknown service. We will begin our enumeration with the HTTPS service since there was no web page available on HTTP.

We see that a website loads with an image of Finn from Adventure Time telling us that he has lost Jake and wants our help in finding him. Since there is not much to go on and the image seems to be all that is available to us at the moment, we decided to perform a directory brute force. We will be using OWASP DirBuster for this task. In a few moments, we were able to identify a directory by the name of candybar.

We have another message from Finn; it says that Jake has given him a magic word that can be helpful to find him. Checking the page source of the webpage, we see that the text has been commented in the source code for us to copy as shown in the image below. We will use the combination of the echo command and base32 to decode the encoded magic text.

    echo "KBQWY4DONAQHE53UOJ5CA2LXOQQEQSCBEBZHIZ3JPB2XQ4TQNF2CA5LEM4QHEYLKORUC4=" | base32 -d

We got another set of text that seems to be in another encoding. Upon inspection, it was clear that it was ROT13 encoding. We used the online decoder for ROT to decode the text and found the secret message intended for us. It says “ALWAYSCHECKTHESSLCERTIFICATEFORCLUES”. We go back to the browser and click the padlock logo before the URL to open the Site Security section.
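
The two decoding layers described above (Base32, then a letter rotation) can be reproduced offline without an online decoder. This is an added example, not code from the original write-up: the function names and the small word list are assumptions of the example, and it tries all 26 rotations rather than assuming a fixed one.

```python
import base64

# Encoded "magic text" exactly as printed on this page (note the single '=').
MAGIC = "KBQWY4DONAQHE53UOJ5CA2LXOQQEQSCBEBZHIZ3JPB2XQ4TQNF2CA5LEM4QHEYLKORUC4="

# Assumption of this example: a tiny English word list used to rank candidates.
COMMON = {"the", "and", "for", "you", "that", "with", "this", "have", "are", "not"}


def b32_decode_lenient(text):
    """Decode Base32 after normalising whitespace, case and '=' padding."""
    body = "".join(text.split()).upper().rstrip("=")
    body += "=" * (-len(body) % 8)  # Base32 input must be a multiple of 8 chars
    return base64.b32decode(body).decode("ascii")


def rotate(text, shift):
    """Caesar-rotate ASCII letters by `shift`; leave other characters alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def score(candidate):
    """Count common English words in a candidate plaintext."""
    words = "".join(c if c.isalpha() else " " for c in candidate.lower()).split()
    return sum(w in COMMON for w in words)


def best_rotation(text):
    """Try all 26 shifts; return (shift, plaintext) with the highest score."""
    return max(((s, rotate(text, s)) for s in range(26)), key=lambda p: score(p[1]))


if __name__ == "__main__":
    layer1 = b32_decode_lenient(MAGIC)
    shift, plain = best_rotation(layer1)
    print("after base32:", layer1)
    print(f"rotation +{shift}:", plain)
```

On the string from this page the readable candidate appears at rotation 11. The lenient decoder is needed because the string as printed carries one `=` where Base32 expects three for this length.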