Anthem ( tryhackme ) Write Up

About

Quick write-up on the Anthem box, not going to go into huge detail but should be enough for people to be able to complete it.

Link: https://tryhackme.com/room/anthem

This is my first write up, any comments or questions are welcome.

Thoughs

Although this box is listed as easy it can be hard and frustrating, it took me a couple of extensions to work my way through it. The flags in Task 2 cost a few points as it was not clear which flag was which.

[Task1] Website Analysis

The following are basic CTF bits, if you do not know how to use NMAP and the basic ports used by services / operating systems then I suggest you go do the Beginner Learning Path

  • Let's run nmap and check what ports are open.
  • What port is for the web server?
  • What port is for remote desktop service?

The below are bit more involved

  • What is a possible password in one of the pages web crawlers check for?

What files do crawlers look for on a website ?

  • What CMS is the website using?

You should be able to use the above file to find this

  • What is the domain of the website?

This can found in the title of the website

  • What's the name of the Administrator

This was a bit of PIA and took a while, few people have said the hint doesn't help. There is a post thanking the admin of the site which contains a poem, have a google of the poem.

  • Can we find find the email address of the administrator?

Again there is a post where another employee lists their email address, use this format with the name you found above

[Task2] Spot the flags

The flags are hidden in the source code of the website, some in the body text and some in the meta data.

  • What is flag 1?
  • What is flag 2?
  • What is flag 3?
  • What is flag 4?

[Task3] Final stage

  • Let's figure out the username and password to log in to the box.(The box is not on a domain)

This one took me longer than I'd like to admit but people re-use usernames and passwords. Users windows usernames are normally the first part of their emails in most orgs.

  • Gain initial access to the machine, what is the contents of user.txt?

This is on the users desktop when you log in via RDP/SMB using the credentials above.

  • Can we spot the admin password?

The file is in a hidden folder in the root of the C:\ drive, you will need to change the permissions of the file to read it though.

  • Escalate your privileges to root, what is the contents of root.txt?

Again this is on the desktop once you log in as the Administrator