CTF

Anthem Box For Beginners – Try HackMe

This box is for beginners , needs only basic knowledge and some common sense

Task 1

#1 Lets run nmap and check what ports are open? Already completed

#2 What port is for web server ? It is default port 80

#3 what port is for remote desktop service ? It is also the default port , you can good the port for RDP , – 3389

#4 What is a possible password in one of the pages web crawlers check for?

Open the IP , you got in the browser , there is a blog Anthem.com, Here what file does web crawlers check for, and there is a hint given in the question ******.txt . from here we can deduce that this file is robots.txt browsing <IP>/robots.txt , here we can find the password UmbracoIsTheBest!

robots.txt

#5 What CMS is the website using? As in the above robots.txt , you can see there is Disallow: /umbraco/ , with a quick google search I get to know umbraco is a cms -> umbraco

#6 What is the domain of the website? written on top of the site anthem.com

#7 What’s the name of the administrator?

This one is the little tricky one,

as we see in this blog it is written something about admin, with a quick google search of this poem , written here we get to know that this poem is written by Solomon Grundy. Tried this as a admin name got right. yeah 🙂

#8 can we find the email of administrator? As seen in another blog the email of jane Doe is JD@anthem.com, so tried the same format for the solomon got the email SG@anthem.com

Task 2

This complete task is quite simple we just needs to inspect the elements of all the pages to get the flag , there is nothing here to explain.

#1 what is flag1? THM{L0L_WH0_US3S_M3T4} found in meta tags.

#2 what is flag2? THM{G!T_G00D} found in search bar.

#3 what is flag3? THM{L0L_WH0_D15} in author page.

#4 what is flag4? THM{AN0TH3R_M3TA} another in meta tags.

Task 3

#1 figure out username and password? no answer needed but we need to find the user name and password for the matchine. we have lot of data with our website analysis at task1

  • First I tried to login to cms, with the admin email and the password we got in robots.txt , it works but i don’t know why I did that there is nothing in there complete rabit hole.
  • Then I saw we got rdp port open, may be we need to rdp into matchine. so tried with same credentials as CMS, SG@anthem.com, and password : UmbracoIsTheBest!. but didn’t work.
  • Then I suddenly got my eyes on :-

The box is not on domain. Tried same credentials without domain this time. username: SG , password : UmbracoIsTheBest!

#2 content of user.txt? after login this file is on the desktop , you can’t miss it . THM{N00T_N00T}

#3 Can you spot admin password? This one takes lot of my time , I like enumerated every file i can get to, there is a hint file is hidden. so I changed the settings in windows to show hidden files. but still nothing. I saw a folder backup in the “C drive” there is a recover file in it , but I didn’t able to open this . As there are lots of folders that I didn’t have access to requires admin password. Then it hit me this file recover.txt didn’t ask for admin password. Go to the permission give myself permission to read the file. And got it ChangeMeBaby1MoreTime

#4 accelerate to root? just login as admin and on the desktop you get root.txt . THM{Y0U_4R3_1337}

This is it. this was the easy room you should definitely try it. if are even just a beginner I think you can do it. I am also learning not very good myself. but keep learning and happy hacking.

Leave a Reply

Your email address will not be published. Required fields are marked *