Takeover — TryHackMe Simple Writeup | 2023

3 days ago 6
BOOK THIS SPACE FOR AD
ARTICLE AD

TryHackMe’s Takeover Simple Walkthrough | Karthikeyan Nagaraj

Room Description:

Hello there,

I am the CEO and one of the co-founders offuturevera.thm.In Futurevera, we believe that the future is in space.We do a lot of space research and writeblogs about it.We used to help students with space questions, but we are rebuilding oursupport.

Recently blackhat hackers approached us saying they could take over and are asking us for a big ransom. Please help us to find what they can take over.

Hint: Don’t forget to add the 10.10.218.33 in /etc/hosts for futurevera.thm ; )

Our website is located at https://futurevera.thm

Note:

For this challenge, you don’t need to Enumerate subdomains via tools. Because, we can assume the sub-domains, which is mentioned in 4th step.
Only for this Challenge!!And, Some domains won’t work in chrome, In that cases use firefox

Connect to TryHackMe’s VPN and Make sure to add the subdomains to /etc/hosts with the corresponding IP

Nothing found on nmap EnumerationNothing was found in the Source codeSubdomain Enumeration through gobuster displays a subdomain portal.futurevera.thmgobuster vhost -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u futurevera.thm -t 50 --append-domain

4. Make sure to add the subdomain to/etc/hostsbefore opening

http://portal.futurevera.thm

4. As per the room description, we can assume that there will be 2 subdomains → blog and support

5. Let’s add the Sub domain https://blog.futurevera.thm to/etc/hosts and Explore it further

sudo echo <THM-IP> blog.futurevera.thm >> /etc/hosts

if you get an error, try the below command

su
echo <THM-IP> blog.futurevera.thm >> /etc/hosts

6. Inspecting Blog doesn’t provide anything useful. So Let’s move to support

7. The Room Description Expresses that they are rebuilding thesupport page, so there may be chances to obtain the flag

8. By Checking the certificate, we found a domain name

9. On Opening the domain, we’ll get the flag

Flag: flag{beea0d6edfcee06a59b83fb50ae81b2f}

Feel Free to Ask Queries via LinkedIn and to Buy me a Cofee : )

Thank you for Reading!!

Happy Takeover ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

tryhackme , thm , subdomain takeover , takeover , ctf , bug , bug bounty , bug hunting , vulnerability , cyber security , cve , karthikeyan nagaraj , cyber wing

Read Entire Article