securityhackerctf.blogspot.com
2a00:1450:4001:830::2001
Public Scan
URL:
https://securityhackerctf.blogspot.com/2020/05/anthem-walkthrough-tryhackme.html?m=1
Submission: On June 16 via api from US — Scanned from DE
Form analysis
2 forms found in the DOM
https://securityhackerctf.blogspot.com/search
<form action="https://securityhackerctf.blogspot.com/search" class="mobile-search-form" role="search">
<input class="mobile-search-input" name="q" placeholder="Search this blog" type="search" value="">
<span class="hide-mobile-search"></span>
</form>
https://securityhackerctf.blogspot.com/search
<form action="https://securityhackerctf.blogspot.com/search" class="search-form" role="search">
<input autocomplete="off" class="search-input" name="q" placeholder="Search this blog" type="search" value="">
<span class="hide-search"></span>
</form>
Text Content
ANTHEM WALKTHROUGH - TRYHACKME

Akshay kerkar - May 31, 2020

ANTHEM

Exploit a Windows machine in this beginner-level challenge.

We first ran an Nmap scan to gather information about the open ports and services.

Nmap scan result:

> Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-31 15:29 UTC
> NSE: Loaded 151 scripts for scanning.
> NSE: Script Pre-scanning.
> NSE: Starting runlevel 1 (of 3) scan.
> Initiating NSE at 15:29
> Completed NSE at 15:29, 0.00s elapsed
> NSE: Starting runlevel 2 (of 3) scan.
> Initiating NSE at 15:29
> Completed NSE at 15:29, 0.00s elapsed
> NSE: Starting runlevel 3 (of 3) scan.
> Initiating NSE at 15:29
> Completed NSE at 15:29, 0.00s elapsed
> Initiating Ping Scan at 15:29
> Scanning 10.10.143.118 [4 ports]
> Completed Ping Scan at 15:29, 2.18s elapsed (1 total hosts)
> Initiating Parallel DNS resolution of 1 host. at 15:29
> Completed Parallel DNS resolution of 1 host. at 15:29, 0.02s elapsed
> Initiating SYN Stealth Scan at 15:29
> Scanning 10.10.143.118 [1000 ports]
> Discovered open port 80/tcp on 10.10.143.118
> Discovered open port 135/tcp on 10.10.143.118
> Discovered open port 445/tcp on 10.10.143.118
> Discovered open port 3389/tcp on 10.10.143.118
> Discovered open port 139/tcp on 10.10.143.118
> Increasing send delay for 10.10.143.118 from 0 to 5 due to 141 out of 469 dropped probes since last increase.
> Completed SYN Stealth Scan at 15:30, 17.74s elapsed (1000 total ports)
> Initiating Service scan at 15:30
> Scanning 5 services on 10.10.143.118
> Completed Service scan at 15:30, 16.71s elapsed (5 services on 1 host)
> Initiating OS detection (try #1) against 10.10.143.118
> Retrying OS detection (try #2) against 10.10.143.118
> Retrying OS detection (try #3) against 10.10.143.118
> Retrying OS detection (try #4) against 10.10.143.118
> Retrying OS detection (try #5) against 10.10.143.118
> Initiating Traceroute at 15:30
> Completed Traceroute at 15:30, 0.15s elapsed
> Initiating Parallel DNS resolution of 2 hosts. at 15:30
> Completed Parallel DNS resolution of 2 hosts. at 15:30, 0.00s elapsed
> NSE: Script scanning 10.10.143.118.
> NSE: Starting runlevel 1 (of 3) scan.
> Initiating NSE at 15:30
> NSE Timing: About 99.10% done; ETC: 15:31 (0:00:00 remaining)
> Completed NSE at 15:31, 44.02s elapsed
> NSE: Starting runlevel 2 (of 3) scan.
> Initiating NSE at 15:31
> Completed NSE at 15:31, 0.99s elapsed
> NSE: Starting runlevel 3 (of 3) scan.
> Initiating NSE at 15:31
> Completed NSE at 15:31, 0.00s elapsed
> Nmap scan report for 10.10.143.118
> The host is up, received timestamp-reply TTL 127 (0.16s latency).
> Scanned at 2020-05-31 15:29:45 UTC for 93s
> Not shown: 995 closed ports
> Reason: 995 resets
> PORT STATE SERVICE REASON VERSION
> 80/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
> | HTTP-methods:
> |_ Supported Methods: OPTIONS
> 135/tcp open msrpc syn-ack TTL 127 Microsoft Windows RPC
> 139/tcp open NetBIOS-ssn syn-ack TTL 127 Microsoft Windows NetBIOS-ssn
> 445/tcp open Microsoft-ds? syn-ack TTL 127
> 3389/tcp open ms-web-server syn-ack TTL 127 Microsoft Terminal Services
> | RDP-ntlm-info:
> | Target_Name: WIN-LU09299160F
> | NetBIOS_Domain_Name: WIN-LU09299160F
> | NetBIOS_Computer_Name: WIN-LU09299160F
> | DNS_Domain_Name: WIN-LU09299160F
> | DNS_Computer_Name: WIN-LU09299160F
> | Product_Version: 10.0.17763
> |_ System_Time: 2020-05-31T15:30:39+00:00
> | ssl-cert: Subject: commonName=WIN-LU09299160F
> | Issuer: commonName=WIN-LU09299160F
> | Public Key type: RSA
> | Public Key bits: 2048
> | Signature Algorithm: sha256WithRSAEncryption
> | Not valid before: 2020-04-04T22:56:38
> | Not valid after: 2020-10-04T22:56:38
> | MD5: 2814 61de 95b7 e9b5 4789 3027 7f1f 60d2
> | SHA-1: d47d 2a8f 6143 b820 936e 4120 cdd1 9ddc 5385 d285
> |_ssl-date: 2020-05-31T15:31:23+00:00; +5s from scanner time.
> No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
>
> Network Distance: 2 hops
> TCP Sequence Prediction: Difficulty=263 (Good luck!)
> IP ID Sequence Generation: Incremental
> Service Info: OS: Windows; CPE: CPE:/o:Microsoft: windows
>
> Host script results:
> |_clock-skew: mean: 4s, deviation: 0s, median: 4s
> | p2p-conficker:
> | Checking for Conficker.C or higher...
> | Check 1 (port 63696/tcp): CLEAN (Couldn't connect)
> | Check 2 (port 9759/tcp): CLEAN (Couldn't connect)
> | Check 3 (port 11484/udp): CLEAN (Timeout)
> | Check 4 (port 40612/udp): CLEAN (Failed to receive data)
> |_ 0/4 checks are positive: Host is CLEAN or ports are blocked
> | smb2-security-mode:
> | 2.02:
> |_ Message signing enabled but not required
> | smb2-time:
> | date: 2020-05-31T15:30:41
> |_ start_date: N/A
>
> TRACEROUTE (using port 111/tcp)
> HOP RTT ADDRESS
> 1 149.26 ms 10.9.0.1
> 2 149.36 ms 10.10.143.118
>
> NSE: Script Post-scanning.
> NSE: Starting runlevel 1 (of 3) scan.
> Initiating NSE at 15:31
> Completed NSE at 15:31, 0.00s elapsed
> NSE: Starting runlevel 2 (of 3) scan.
> Initiating NSE at 15:31
> Completed NSE at 15:31, 0.00s elapsed
> NSE: Starting runlevel 3 (of 3) scan.
> Initiating NSE at 15:31
> Completed NSE at 15:31, 0.00s elapsed
> Read data files from: /usr/bin/../share/nmap
> OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/.
> Nmap did: 1 IP address (1 host up) scanned in 95.87 seconds
> Raw packets sent: 1802 (82.810KB) | Rcvd: 1122 (48.122KB)

The scan found some open ports, among them port 80 (HTTP), port 445 and port 3389 (RDP).

Let's start with port 80. The website that opens is Anthem.com, and it has some articles on it.

Next we used gobuster to check for hidden directories. It found many directories; we checked all of them but did not find any useful information.

After checking the page source, we found our first flag in the HTML code.

We then opened the article "We are hiring", which shows the author's name and a user's email. Viewing the source code of the article gave us our 2nd flag, and clicking on the author's profile gave us our third flag.

To find the 4th flag, we went back to the homepage of Anthem.com and opened the second article, "A cheers to our IT department". Viewing its source code gave us our fourth flag.

The IT department article contains a poem, so we googled the poem and found the name of its author, which is our username. Looking at this article, we can see that the author's email is JD@anthem.com, so the user we found through Google should have an email in the same format: SG@anthem.com.

Now that we have a username, we need the password, so we checked the robots.txt file. Following the TryHackMe hints, robots.txt gives us the password, so let's try to log in over RDP.
We can use rdesktop to connect. Type the password you got from robots.txt and you will be logged in successfully; you can then read the user flag, which is on the Desktop.

Our work is not finished yet: we still have to escalate privileges and get the root flag. As per the TryHackMe hint, we searched for hidden directories.

We ticked the option to show hidden files, and when we checked the C drive we found a folder named backup containing a file named restore.txt. We do not have permission to view that file, but we can change its permissions: right-click the text file, go to Properties, select the Security tab, add the user name "SG" and apply the settings. Open the file again and you can read the password stored in restore.txt.

Now we have the administrator password. Go to the C drive, open the Users folder and then the Administrator folder. It will ask for a password; enter the password you got from restore.txt, and you can access the root flag.