TryHackMe: [Day 7] Web Exploitation Migration Without Security

Mac Leo · 3 min read · Apr 4, 2022


1. Interact with the MongoDB server to find the flag. What is the flag?

ANS: THM{8814a5e6662a9763f7df23ee59d944f9}

EXPLANATION:

Step 1: Once connected via SSH, type mongo to open the shell. Then list the databases:

show databases

Step 2: Type: use flagdb

Step 3: Type: db.getCollectionNames()

Step 4: Type: db.flagColl.find()

2. We discussed how to bypass login pages as an admin. Can you log into the application that Grinch Enterprise controls as admin and retrieve the flag?

Use the knowledge given in AoC3 day 4 to set up and run the Burp Suite proxy, intercept the HTTP request for the login page, then modify the POST parameter.

ANS: THM{b6b304f5d5834a4d089b570840b467a8}

EXPLANATION:

Step 1: Open this link (http://10-10-32-166.p.thmlabs.com). We know the username is admin, but trying admin as the password doesn't work.

So open Burp, intercept the request and send it to Repeater.

Step 2: Change password=admin to password[$ne]=admin, then click Send and check whether the response indicates a successful login.

Step 3: If it works, make the same change (password=admin -> password[$ne]=admin) in the Proxy tab, then forward the request.

Step 4: Once logged in, go to Flag to view the flag.

3. Once you are logged in, use the gift search page to list all usernames that have guest roles. What is the flag?

ANS: THM{2ec099f2d602cc4968c5267970be1326}

EXPLANATION:

Step 1: Once logged in, go to Search, then search for guest and check whether it works.

Step 2: If it doesn't work, intercept the request in Burp and edit the parameters to:

username[$ne]=guest&role=guest

Step 3: Forward the request; the flag is shown.

4. Use the gift search page to perform NoSQL injection and retrieve the mcskidy record. What is the details record?

ANS: ID:6184f516ef6da50433f100f4:mcskidy:admin

EXPLANATION:

Step 1: Follow similar steps to Question 3 with a small change:

username=mcskidy&role[$ne]=guest

Step 2: Forward the request; the record is shown.
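The following is an added example, not code from the TryHackMe room or this write-up. It shows, in JavaScript, why the password[$ne]=admin change in Question 2 and the username[$ne]=guest / role[$ne]=guest searches in Questions 3 and 4 work, and how the application side prevents them. It assumes an Express-style app whose extended form parser turns field[$ne]=value into a nested object; parseForm is a simplified stand-in for that parser, matches is an in-memory substitute for a MongoDB query, and the user records and passwords are constructed for the demo.

```javascript
// Added example, not code from the TryHackMe room or this write-up.
// Assumptions: an Express-style app whose extended urlencoded parser turns
// `field[$ne]=value` into { field: { $ne: value } }; parseForm below is a
// simplified stand-in for that parser, and matches() stands in for MongoDB.

// Parse one level of bracket notation: key[sub]=val -> { key: { sub: val } }.
function parseForm(body) {
  const fields = {};
  for (const pair of body.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawVal = eq === -1 ? '' : pair.slice(eq + 1);
    const key = decodeURIComponent(rawKey.replace(/\+/g, ' '));
    const val = decodeURIComponent(rawVal.replace(/\+/g, ' '));
    const bracket = key.match(/^([^\[]+)\[([^\]]*)\]$/);
    if (bracket) {
      fields[bracket[1]] = Object.assign(fields[bracket[1]] || {}, { [bracket[2]]: val });
    } else {
      fields[key] = val;
    }
  }
  return fields;
}

// Detection: true if any key anywhere in the parsed fields starts with '$'.
function containsOperator(value) {
  if (value === null || typeof value !== 'object') return false;
  return Object.entries(value).some(([k, v]) => k.startsWith('$') || containsOperator(v));
}

// In-memory stand-in for a MongoDB filter: equality and $ne only (constructed).
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === 'object') {
      return Object.entries(cond).every(([op, v]) => op === '$ne' && doc[field] !== v);
    }
    return doc[field] === cond;
  });
}

// Vulnerable builder: request values go into the filter untouched, so an
// object such as { $ne: 'admin' } becomes a query operator.
function unsafeFilter(fields, allowed) {
  const filter = {};
  for (const k of allowed) if (k in fields) filter[k] = fields[k];
  return filter;
}

// Hardened builder: every value must be a plain string; anything else is
// refused before it reaches the driver, so no operator can be smuggled in.
function safeFilter(fields, allowed) {
  const filter = {};
  for (const k of allowed) {
    if (!(k in fields)) continue;
    if (typeof fields[k] !== 'string') throw new TypeError(`non-string value for "${k}"`);
    filter[k] = fields[k];
  }
  return filter;
}

// Constructed users; a real application stores a password hash, never the password.
const USERS = [
  { username: 'admin',   password: 'constructed-admin-pw', role: 'admin' },
  { username: 'mcskidy', password: 'constructed-pw-2',     role: 'admin' },
  { username: 'guest1',  password: 'constructed-pw-3',     role: 'guest' },
  { username: 'guest2',  password: 'constructed-pw-4',     role: 'guest' },
];
const LOGIN_FIELDS = ['username', 'password'];
const SEARCH_FIELDS = ['username', 'role'];

// Handle one form body the way the login or search endpoint would.
function handle(body, allowed, hardened) {
  const fields = parseForm(body);
  const suspicious = containsOperator(fields); // worth logging either way
  let filter;
  try {
    filter = hardened ? safeFilter(fields, allowed) : unsafeFilter(fields, allowed);
  } catch (e) {
    return { rejected: true, reason: e.message, suspicious, matched: [] };
  }
  const matched = USERS.filter((u) => matches(u, filter)).map((u) => u.username);
  return { rejected: false, filter, suspicious, matched };
}

// Walk through the write-up's three payloads against both builders.
for (const [body, allowed] of [
  ['username=admin&password[$ne]=admin', LOGIN_FIELDS],
  ['username[$ne]=guest&role=guest', SEARCH_FIELDS],
  ['username=mcskidy&role[$ne]=guest', SEARCH_FIELDS],
]) {
  console.log(body, '\n  unsafe   ->', JSON.stringify(handle(body, allowed, false)));
  console.log('  hardened ->', JSON.stringify(handle(body, allowed, true)));
}
```

With the unsafe builder the login body matches the admin record even though no password was supplied, and the two search bodies return every guest user and the mcskidy record, which is exactly what the Burp edits above exploit. The hardened builder rejects all three because the value is an object rather than a string, while containsOperator still flags the request so it can be logged. Whitelisting fields and enforcing string types is the simplest fix; stripping keys that begin with $ (the approach taken by sanitizer libraries) is a common alternative, but a type check also catches arrays and other non-string shapes the parser may produce.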

*****************THANK YOU****KEEP LEARNING ******************

HOPE THIS WALKTHROUGH HELPS YOU. IF SO, A LIKE ON THE PAGE WILL BE MUCH APPRECIATED, AND FOLLOW MY PROFILE FOR MORE WRITE-UPS.

*******PEACE*****


Mac Leo

Hacker | Cybersecurity Researcher | CTF Player | Cybersecurity Enthusiast