THM: CyberHeroes

      Nessun commento su THM: CyberHeroes

Dear friends, today I will show you how to resolve the CyberHeroes challenge tryhackme.

Let’s start with a service/port scan

Initial scanning  

nmap -sC -sV -p- -Pn $IP

It is evident that there is a web service running on port 80 after some dir busting the only interesting part is the login.html page.

If we examine the source code of the page, we can see that the authenticate() javascript function is invoked when we press the login button.

The function reveals the username and password for the login, however the password must be reversed

It is possible to obtain the reverse password using python

print (“54321@terceSrepuS”[::-1])

We will finally get the flag by providing the credentials found it.