TryHackMe Writeup: VulnNet
Having fun with TryHackMe again. So, here is the writeup and guide to passing this VulnNet challenge.
Room: https://tryhackme.com/room/vulnnet1
Level: Medium
Task: Can you take advantage of the misconfigurations made by VulnNet Entertainment?
You will have to add the machine IP with the domain vulnnet.thm to your /etc/hosts.
Let's get started
As usual, start the machine and open the IP in a browser.
Let's spend 5 minutes browsing to see what can be done from this webpage.
Nothing special in the UI; even the form submit is not working. OK then, since it's a webpage, I would run a path finder first, using feroxbuster:
# feroxbuster --url http://vulnnet.thm -w ~/Project/pentest/wordlists/dirb/big.txt -t 20 -C 301,404,403....
[#########] - 3m 20468/20468 96/s http://vulnnet.thm
[#########] - 3m 20468/20468 97/s http://vulnnet.thm/css
[#########] - 3m 20468/20468 97/s http://vulnnet.thm/fonts
[#########] - 3m 20468/20468 98/s http://vulnnet.thm/img
[#########] - 3m 20468/20468 98/s…