TryHackMe - Advent of Cyber

Posted June 17, 2020 · 1 min read
tryhackme
web
enumeration

Day 1 - Cookies

Machine IP: 10.10.55.239

Users made:

  • hi
  • mcinventory

Cookies are small pieces of data that a website sends to your browser and that the browser returns on later requests, which is how the site keeps track of your visits and activity.

Cookies can be inspected in your web browser by opening Developer Tools (F12) and going to the Application tab; the cookies are listed under the section named Storage.

Login Cookies (AuthID)

User         Cookie
hi           aGl2NGVyOWxsMSFzcw%3D%3D
mcinventory  bWNpbnZlbnRvcnl2NGVyOWxsMSFzcw%3D%3D

If you base64-decode the cookie you get a plaintext value such as mcinventoryv4er9ll1!ss or hiv4er9ll1!ss. Examined side by side, each one is the username of the account followed by the string v4er9ll1!ss, which is the part common to both.

Note that the trailing %3D%3D is the URL-encoded form of the base64 padding ==; decode it back to == (or drop it) before base64-decoding the rest of the cookie.
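The decoding described above, as an added example that is not part of the original write-up: it URL-decodes and base64-decodes the two AuthID cookies from the table, extracts the suffix they share, and confirms that every cookie is just username plus that static string, i.e. it can be reproduced by anyone who knows a username. The second half is a hypothetical mitigation (not the room's code): binding the username to a server-side secret with an HMAC so that a cookie cannot be forged without the key. SERVER_KEY is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import os
from urllib.parse import unquote

# The two AuthID cookies from the table above (values as observed in the room).
OBSERVED_COOKIES = {
    "hi": "aGl2NGVyOWxsMSFzcw%3D%3D",
    "mcinventory": "bWNpbnZlbnRvcnl2NGVyOWxsMSFzcw%3D%3D",
}


def decode_auth_cookie(cookie: str) -> str:
    """URL-decode (%3D%3D becomes the base64 padding ==), then base64-decode."""
    return base64.b64decode(unquote(cookie)).decode("utf-8")


def shared_suffix(values):
    """Longest suffix common to every decoded cookie (the static part noted in the text)."""
    reversed_values = [v[::-1] for v in values]
    return os.path.commonprefix(reversed_values)[::-1]


def analyse(cookies=OBSERVED_COOKIES):
    """Decode all cookies and check whether each is simply <username> + <static suffix>."""
    decoded = {user: decode_auth_cookie(c) for user, c in cookies.items()}
    suffix = shared_suffix(list(decoded.values()))
    # No per-user secret or signature: if this holds, the cookie is forgeable from a username.
    predictable = all(decoded[u] == u + suffix for u in decoded)
    return decoded, suffix, predictable


# Hypothetical mitigation (not the room's code): sign the username with a server-side key.
SERVER_KEY = b"example-server-secret-rotate-me"  # constructed placeholder, never ship this


def make_signed_cookie(username: str, key: bytes = SERVER_KEY) -> str:
    """Cookie = username + '.' + HMAC-SHA256(key, username); only the server can mint it."""
    tag = hmac.new(key, username.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{username}.{tag}"


def verify_signed_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the username if the tag verifies, otherwise None."""
    username, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, username.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return username if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    decoded, suffix, predictable = analyse()
    for user, value in decoded.items():
        print(f"{user:12} -> {value}")
    print("shared suffix:", suffix, "| forgeable from username alone:", predictable)
    good = make_signed_cookie("mcinventory")
    print("signed cookie:", good, "->", verify_signed_cookie(good))
    tampered = "hi." + good.split(".")[1]  # reuse mcinventory's tag for another user
    print("tag reused for 'hi' ->", verify_signed_cookie(tampered))
```

Running it prints the two decoded values, the shared suffix v4er9ll1!ss and predictable=True for the observed cookies, then shows that a signed cookie verifies only for the username it was issued to.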


Day 2 - Directory Enumeration

Machine IP: 10.10.51.129

The first question asks for a hidden path on the web server.

Options: gobuster, dirb, dirbuster

These tools discover directories and files on the web server by requesting each name from a wordlist and reporting the ones that do not return a 404.

gobuster -w /usr/share/wordlists/dirbuster/x.txt -u http://10.10.51.129:3000 > gobuster/initial
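Seen from the other side of the wire, a wordlist scan like the one above is very loud: one client produces a burst of 404s for many distinct paths in a short window. The following is an added example, not part of the original write-up, showing detection logic over a handful of constructed access-log lines (Apache/Nginx combined format): it parses each line, keeps a sliding window of 404 responses per client IP, and flags any IP that exceeds a threshold inside that window. The log lines, IPs, threshold and user-agent string are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (combined log format); not taken from the room's machine.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jun/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Jun/2020:10:00:02 +0000] "GET /admin HTTP/1.1" 404 153 "-" "gobuster/3.0.1"
10.0.0.9 - - [17/Jun/2020:10:00:02 +0000] "GET /backup HTTP/1.1" 404 153 "-" "gobuster/3.0.1"
10.0.0.9 - - [17/Jun/2020:10:00:03 +0000] "GET /config HTTP/1.1" 404 153 "-" "gobuster/3.0.1"
10.0.0.5 - - [17/Jun/2020:10:00:03 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Jun/2020:10:00:03 +0000] "GET /test HTTP/1.1" 404 153 "-" "gobuster/3.0.1"
10.0.0.9 - - [17/Jun/2020:10:00:04 +0000] "GET /old HTTP/1.1" 404 153 "-" "gobuster/3.0.1"
10.0.0.9 - - [17/Jun/2020:10:00:04 +0000] "GET /tmp HTTP/1.1" 404 153 "-" "gobuster/3.0.1"
10.0.0.9 - - [17/Jun/2020:10:00:05 +0000] "GET /api HTTP/1.1" 200 2048 "-" "gobuster/3.0.1"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def detect_dir_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag client IPs with at least `threshold` 404s inside any `window_seconds` span.

    Returns {ip: {"hits_in_window", "distinct_paths", "user_agents"}} for flagged IPs.
    """
    recent_404s = defaultdict(deque)  # ip -> timestamps of 404s in the current window
    paths = defaultdict(set)          # ip -> distinct paths that returned 404
    agents = defaultdict(set)         # ip -> user-agents seen on those requests
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        ip = rec["ip"]
        window = recent_404s[ip]
        window.append(rec["ts"])
        # Drop timestamps that fell out of the sliding window.
        while (rec["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()
        paths[ip].add(rec["path"])
        agents[ip].add(rec["ua"])
        if len(window) >= threshold:
            flagged[ip] = {
                "hits_in_window": len(window),
                "distinct_paths": len(paths[ip]),
                "user_agents": sorted(agents[ip]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_dir_bruteforce(SAMPLE_LOG.strip().splitlines()).items():
        print(f"possible directory brute-force from {ip}: {info}")
```

With the sample above only 10.0.0.9 is flagged (six 404s over six distinct paths within a few seconds); 10.0.0.5's single missing favicon stays below the threshold. Tune threshold and window to the site's normal 404 rate before relying on the rule, and note that the user-agent is only supporting evidence since it is trivially changed.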