I’m currently starting my journey in cybersecurity. Since I’m still learning, please feel free to point out any mistakes or share your advice. I’d really appreciate it!

Task 8 : Extra-Mile Challenge

1. Login and Create Internal Form.

2. Create any name.

3. Once completed, it will look like this.

4. Try use Template Engines from exercise.

5. Use ls to find hidden text file in the server.

6. Use cat to read file we find.

7. Finish

https://tryhackme.com/room/serversidetemplateinjection?utm_campaign=social_share&utm_medium=social&utm_content=share-completed-room&utm_source=copy&sharerId=62b57bb829e1540043b70632

“I’m currently starting my journey in cybersecurity. Since I’m still learning, please feel free to point out any mistakes or share your advice. I’d really appreciate it!”

1. I used Nmap to scan for open ports.

2. I proceeded to investigate the identified ports.

3. I checked the source code for vulnerabilities and discovered a comment tag: <!-- hmr_dir… — !>

4. Then, I used ffuf to perform directory brute-forcing, using “hmr_” as a prefix.

5. I accessed a suspicious directory hmr_logs/error.logs and found a username, which served as a clue for the next step.

6. After clicking “Forgot Password,” I was redirected to reset_password.php.

7. The page had a 180-second timeout and required a 4-digit PIN.

8. I used ffuf to brute-force the PIN while carefully avoiding the rate limit.

9. I was then able to reset the password.

10. I successfully captured the first flag.

11. I used Burp Suite to intercept requests/responses and executed the ls command to list files in the directory.

12. I modified the token by changing “kid” to 188ade1.key, "role" to admin, and setting persistentSession to yes.

13. I used the 188ade1.key file as the signing secret for the token.

14. Finally, I retrieved the last flag.

Walkthrough of TryHackMe’s Splunk: Exploring SPL room — step-by-step guide with SPL examples and screenshots

https://tryhackme.com/room/splunkexploringspl?sharerId=62b57bb829e1540043b70632

# Q : What is the name of the host in the Data Summary tab?

# Q : In the search History, what is the 7th search query in the list? (excluding your searches from today)

# Q : In the left field panel, which Source IP has recorded max events?

# Q : How many events are returned when we apply the time filter to display events on 04/15/2022 and Time from 08:05 AM to 08:06 AM?

# Q : How many Events are returned when searching for Event ID 1 AND User as *James*?

# Q : How many events are observed with Destination IP 172.18.39.6 AND destination Port 135?

# Q : What is the Source IP with highest count returned with this Search query?
Search Query: index=windowslogs Hostname=”Salena.Adam” DestinationIp=”172.18.38.5"

# Q : In the index windowslogs, search for all the events that contain the term cyber how many events returned?

# Q : Now search for the term cyber*, how many events are returned?

# Q : What is the third EventID returned against this search query?

Search Query: index=windowslogs | table _time EventID Hostname SourceName | reverse

# Q : Use the dedup command against the Hostname field before the reverse command in the query mentioned in Question 1. What is the first username returned in the Hostname field?

# Q : Using the Reverse command with the search query index=windowslogs | table _time EventID Hostname SourceName — what is the HostName that comes on top?

# Q : What is the last EventID returned when the query in question 1 is updated with the tail command?

# Q : Sort the above query against the SourceName. What is the top SourceName returned?

# Q : List the top 8 Image processes using the top command — what is the total count of the 6th Image?

# Q : Using the rare command, identify the user with the least number of activities captured?

# Q : Create a pie-chart using the chart command — what is the count for the conhost.exe process?

#tryhackme #splunk #SPL #cybersecurity #SIEM

Session Management

Q : What is the username of the student with the name X?

A:

How To ?? // การได้มาของคำตอบ

1. Look at Network Request. // คลิกที่แท็ปของ Network แล้วไล่ดูคำขอที่ส่งมา
2. We can see that requests were sent to three dashboards SuperAdmin/Student/Lecture. // จะเห็นได้ว่ามี 3 แดชบอร์ดที่ถูกส่งมา

3. Change userRole to Lecture. // เปลี่ยน userRole เป็น Lecture

4. Find Answer. // คำตอบ

Q : How many lecturers are registered on the application?

A :

Q : Excluding the unauthenticated user, how many roles does the application have?

A :

Q : How many test attempts in total have been performed on the application?

A :

Q : What is the highest score that student1 has achieved on a test?

A :

How To ??

1. Go to ID 1.

2. Answer.

Q : What is the sequence of correct answers for the Database Types test? (Format y=yes and n=no, separated by commas)

A :

What is the first ingredient that Rick needs?

A: mr. meeseek hair

?? How To ??

1. I use Nmap first.

2. I use Gobuster to search for Infomation.

3. View page source.

And

4. Try to open the directory we found with Gobuster.

5. And i think we found Username and Password.

6. Yes we can get in.

7. Try ls

8. And try into first file

9. Done.

What is the second ingredient in Rick’s potion?

A: 1 jerry tear

?? HOW TO ??

1. Check Sudo

2.

3.

What is the last and final ingredient?

A: fleeb juice

?? HOW TO ??

1.

2.

Q: Find open ports on the machine?

Q: Who wrote the task list?

Login FTP By Name Anonumous

I use command mget *.* for download allfiles

A: lin

Q: What service can you bruteforce with the text file found?

A: RedDr4gonSynd1cat3

Q: user.txt

A: THM{CR1M3_SyNd1C4T3}

Q: root.txt

A: THM{80UN7Y_h4cK3r}

https://tryhackme.com/room/cowboyhacker

When you open the link, you will see this website.

2. Click Inspect for see all data.

3. It looks like there’s nothing we need.

4. Click Network

5. When I saw all the files, the one named ‘option’ seemed interesting because it had the word ‘secret’ in it.

6. When I type the data form ‘secret’, we will find the flag.

https://www.hackthebox.com/achievement/challenge/1414440/646

1. ใช้ chat gpt ในการช่วยหาคำตอบ

2. ใช้ binwalk

จากภาพแสดงว่ามีไฟล์ซ่อนอยู่ 3 ไฟล์

3. ใช้คำสั่ง -e เพื่อแตกไฟล์ที่ซ่อนอยู่

4. ไฟล์ที่แตกออกมาจะได้นามสกุล โฟเดอร์.extracted

5. ภายในโฟเดอร์.extracted

6. ละไฟล์รูปอยู่ไหน ?? ถาม Chat GPT ต่อ

7. ใช้คำสั่ง binwalk -D ‘image:png’ [ชื่อไฟล์ที่โหลดมา] เพื่อแยกไฟล์รูปออกมา

8. ได้ไฟล์รูปแล้ว

9. flag

https://ctflearn.com/challenge/108

1. ผมจะใช้ Chat GPT ในการช่วยหาคำตอบ

2. ผมเลือกใช้ exiftool ในการหาคำตอบ

3. เจอ flag

4. เสร็จสิ้น

https://ctflearn.com/challenge/303

From what domain is the VBS script downloaded?

Ans:

What was the IP address associated with the domain in question #1 used for this attack?

Ans:

What is the filename of the VBS script used for initial access?

Ans:

What was the URL used to get a PowerShell script?

Ans:

What likely legit binary was downloaded to the victim machine?

Ans:

From what URL was the malware used with the binary from question #5 downloaded?

Ans:

What filename was the malware from question #6 given on disk?

Ans:

What is the TLSH of the malware?

Ans:

What is the name given to this malware? Use the name used by McAfee, Ikarus, and alejandro.sanchez.

Ans:

What is the user-agent string of the infected machine?

Ans:

To what IP does the RAT from the previous question connect?

Ans:

https://labs.hackthebox.com/achievement/sherlock/1414440/761