“Grinch Enterprises have also tried to block communication between anyone at the company. They’ve locked everyone out of their email systems and McSysAdmin has also lost access to their admin panel. Can you find the admin panel and help restore communication for the Best Festival Company.”
Link to Room: https://tryhackme.com/room/adventofcyber3
Question #1: Using a common wordlist for discovering content, enumerate http://10.10.76.176 to find the location of the administrator dashboard. What is the name of the folder?
I am using the TryHackMe attack box for this.
If you look through the results, you can see the name of the folder here:
Question #2: In your web browser, try some default credentials on the newly discovered login form for the “administrator” user. What is the password?
Use your web browser to open up that admin panel:
From here, right-click and choose “view source”. You will see this section here with a link to the login script they are using:
This will open up in a separate window here:
Where you can see that the username and password are both “administrator”
Question #3: Access the admin panel. What is the value of the flag?
Use those credentials to access the admin panel. Your flag is near the bottom:
Happy Holidays! ❤