Menu
Article ctf

Anthem ( tryhackme ) Write Up

Tony J

Tony J

• 3 min read
Anthem ( tryhackme ) Write Up

anthem1

About

Quick write-up on the Anthem box, not going to go into huge detail but should be enough for people to be able to complete it.

Link: https://tryhackme.com/room/anthem

This is my first write up, any comments or questions are welcome.

Thoughs

Although this box is listed as easy it can be hard and frustrating, it took me a couple of extensions to work my way through it. The flags in Task 2 cost a few points as it was not clear which flag was which.

[Task1] Website Analysis

The following are basic CTF bits, if you do not know how to use NMAP and the basic ports used by services / operating systems then I suggest you go do the Beginner Learning Path

  • Let's run nmap and check what ports are open.
  • What port is for the web server?
  • What port is for remote desktop service?

The below are bit more involved

  • What is a possible password in one of the pages web crawlers check for?

What files do crawlers look for on a website ?

  • What CMS is the website using?

You should be able to use the above file to find this

  • What is the domain of the website?

This can found in the title of the website

  • What's the name of the Administrator

This was a bit of PIA and took a while, few people have said the hint doesn't help. There is a post thanking the admin of the site which contains a poem, have a google of the poem.

  • Can we find find the email address of the administrator?

Again there is a post where another employee lists their email address, use this format with the name you found above

[Task2] Spot the flags

The flags are hidden in the source code of the website, some in the body text and some in the meta data.

  • What is flag 1?
  • What is flag 2?
  • What is flag 3?
  • What is flag 4?

[Task3] Final stage

  • Let's figure out the username and password to log in to the box.(The box is not on a domain)

This one took me longer than I'd like to admit but people re-use usernames and passwords. Users windows usernames are normally the first part of their emails in most orgs.

  • Gain initial access to the machine, what is the contents of user.txt?

This is on the users desktop when you log in via RDP/SMB using the credentials above.
sg-desktop

  • Can we spot the admin password?

The file is in a hidden folder in the root of the C:\ drive, you will need to change the permissions of the file to read it though.

  • Escalate your privileges to root, what is the contents of root.txt?

Again this is on the desktop once you log in as the Administrator
admin

Screenshot_2020-05-22_14-23-12

Share
Show Comments

Topics

ctf: 55 TyrHackMe: 37 tryhackme: 32 hacking: 32 boot2root: 19 enumertaion: 17 python: 9 security: 8 lfi: 6 Getting Started: 5 windows: 5 AdventOfCyber2: 5 ubuntu: 5 BufferOverflow: 3 php: 2 exploit: 2 Linux: 2 IDOR: 2 reverse engineering: 2 OWASP: 2 >blog: 2 sudo: 2 AdventOfCyber: 2 adventofcyber2023: 2 oxidized: 2 nginx: 2 ssl: 1 kubernetes: 1 aoc: 1 AdventOfCyber3: 1 usb: 1 dns: 1 letsencrypt: 1 javascript: 1 bypass: 1 authentication: 1 firefox: 1 containers: 1 retropi: 1 ai: 1 chatbot: 1 password cracking: 1 hydra: 1 crunch: 1 cewl: 1 wfuzz: 1 nessus: 1 pwndoc-ng: 1 dodge: 1 n64: 1 raspberry: 1 microsoft: 1 rat: 1 social engineering: 1 microsoft teams: 1 docker: 1 ssti: 1 teams: 1 sqlmap: 1 raspbery pi os: 1 workspace: 1 citrix: 1 raspberry pi: 1 git: 1 pi: 1 ics: 1 ot: 1 modbus: 1 stream: 1 serialisation: 1 serialization: 1 volatility: 1 forensics: 1 SQLi: 1 serial: 1