Writeup

touch up writeup demo


Hey all, my name is Rohit Singh Karakoti, and in this article I will give you a detailed walkthrough or writeup of a room, Smol, from TryHackMe.

Machine info : Takeover

Level : easy

Objectives :

Let's start

STEP 1: connectivity

So in this step I will show you how to connect the THM labs with your machine.

Start the machine and wait for the IP address. In the meantime, connect to the THM server using the AttackBox or OpenVPN; we have used OpenVPN here.

Steps to connect with OpenVPN:

THM > click on profile > Access > download configuration file

Open Kali and change to the path where you downloaded the file.

Type the command: sudo openvpn "filename.ovpn". After you get connected, let's start.

Let's add the hostname for https://futurevera.thm to our hosts file (/etc/hosts) with the IP of the target system, as requested in the room:

echo "10.49.135.210 futurevera.thm" | sudo tee -a /etc/hosts

Task 2: Reconnaissance

  1. Nothing found in the nmap enumeration.

  2. Enumerating subdomains with gobuster:

gobuster vhost -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u futurevera.thm -t 50 --append-domain


We got another domain named portal.futurevera.thm; let's add it to the hosts list. After checking various things and checking the website, I decided to do a ffuf scan:

ffuf -H "Host: FUZZ.futurevera.thm" -u https://10.49.135.210 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -fs 0,4605

We got two subdomains: support and blog.

Let's add these two subdomains to our hosts file:

echo "10.49.135.210 support.futurevera.thm blog.futurevera.thm" | sudo tee -a /etc/hosts

Now, visiting support.futurevera.thm in the browser shows us a website with a certificate. Let’s inspect it closely…

Examine the site's certificate:
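The same certificate check can be done from the terminal. The script below is an added example, not part of the original writeup: it lists the DNS names in a certificate's Subject Alternative Name (SAN) extension and reports those missing from a hosts-style inventory, assuming the hostname of interest is listed in the SAN. The function names, the example.test names and the 192.0.2.10 address are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original writeup. Requires the openssl CLI.

# fetch_cert HOST IP OUT_PEM: save the certificate served for SNI name HOST.
fetch_cert() {
    openssl s_client -connect "$2:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# san_names PEM_FILE: print each DNS name in the SAN extension, one per line.
san_names() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p' | sort -u
}

# unlisted_sans PEM_FILE INVENTORY: SAN names absent from the inventory, which
# uses /etc/hosts syntax (an address followed by one or more names).
unlisted_sans() {
    san_names "$1" | awk -v inv="$2" '
        BEGIN {
            while ((getline line < inv) > 0) {
                sub(/#.*/, "", line)
                n = split(line, f)
                for (i = 2; i <= n; i++) known[f[i]] = 1
            }
        }
        !($0 in known)'
}

# make_sample_cert OUT_PEM: constructed self-signed certificate for the demo.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
        -out "$1" -subj "/CN=support.example.test" -addext \
        "subjectAltName=DNS:support.example.test,DNS:internal.example.test" \
        2>/dev/null
}

# Demo on constructed data: the inventory knows only one of the two names.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/cert.pem"
printf '192.0.2.10 support.example.test  # constructed entry\n' > "$demo_dir/hosts"
unlisted_sans "$demo_dir/cert.pem" "$demo_dir/hosts"
```

Against a live host, run fetch_cert with the name and IP first, then pass the saved PEM file and /etc/hosts to unlisted_sans.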

It seems like we have found a clue now. Now let’s add this page to our DNS configuration file and try opening it in the browser:

Answer: flag{beea0d6edfcee06a59b83fb50ae81b2f}

Another box pwned, and a really fun box.

Thank you to the developer of this box, I enjoyed it a lot.

If you are on TryHackMe and want to connect, here is my username: H1D3

HAPPY HACKING ! :)