Chocolate Factory Tryhackme Writeup
Aug 24, 2024
Room link: https://tryhackme.com/room/chocolatefactory
Note: This room is free
Enumeration
So what do we have here?
- Port 21: FTP, which allows anonymous login and exposes the file "gum_room.jpg" (visible because nmap performed the anonymous login for us)
- Port 22: SSH
- Port 80: Apache Webserver
- Port 100, 106, 109, 110, 111, 113, 119, 125 (all with the same service banner)
After I rooted the box, I realized that there were two slightly different routes.
- Path 1,
- Path 2,
Path 1
I tried SQL injection to bypass the login, but bad luck.
Gobuster
gobuster dir -u 10.10.208.225 -w directory-list-2.3-medium.txt -t…