TryHackMe CTF (Avengers Blog)

By: Nicholas Werner

Start out by visiting the website.

If you click F12 on your keyboard, go to “Storage”, and click on the “Cookies” dropdown you should find flag1.

If you go to the Network tab, reload the page, and click on the original request made from your browser to the web server you should see flag2.

Run an nmap scan to see which ports are open.

Login to the FTP server with:

username: groot

password: iamgroot

We enter into passive mode with passive, then ls, cd files, ls, get flag3.txt to get the file on our local directory.

exit to exit the ftp server.

ls and cat flag3.txt gives us the output from flag3.txt

Now we want to run GoBuster to find a directory that has an Avenger’s login. We found /portal.

When we enter this statement into both the username and password field as shown below we should get access to the website via SQL injection.

Looks like we gained access!

If you right click and view page source you can see that there are 223 lines of code.

ls shows us some files in our current directory.

cd ../ takes us back to the home directory and ls allows us to see the files in that directory.

It looks like when we try to cat out the flag5.txt they do not allow it so we need to find a different way to view the contents of the file.

tac flag5.txt ended up allowing us to see the contents of the last flag.

Application Security Engineer | Penetration Tester