Advent of Cyber 2021 — [Day 3] Christmas Blackout

Grinch Enterprises have also tried to block communication between anyone at the company. They’ve locked everyone out of their email systems and McSysAdmin has also lost access to their admin panel. Can you find the admin panel and help restore communication for the Best Festival Company.”

Link to Room: https://tryhackme.com/room/adventofcyber3

Question #1: Using a common wordlist for discovering content, enumerate http://10.10.76.176 to find the location of the administrator dashboard. What is the name of the folder?

I am using the TryHackMe attack box for this.

If you look through the results, you can see the name of the folder here:

admin

Question #2: In your web browser, try some default credentials on the newly discovered login form for the “administrator” user. What is the password?

Use your web browser to open up that admin panel:

From here, right-click and choose “view source”. You will see this section here with a link to the login script they are using:

This will open up in a separate window here:

Where you can see that the username and password are both “administrator”

administrator

Question #3: Access the admin panel. What is the value of the flag?

Use those credentials to access the admin panel. Your flag is near the bottom:

THM{ADM1N_AC3SS}

Happy Holidays! ❤

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Samantha

Samantha

CTF Writeups to facilitate cyber education.