Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

Crylo

Learn about the CryptoJS library and JavaScript-based client-side encryption and decryption.

medium

60 min

3,507

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

Score updated
Score updated

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off
You have the IP address of your target. The goal is to find open ports and services to enumerate.
Answer the questions below
How many ports are open?

What is the 403/forbidden web page?

The goal is to find a way to bypass the login. Find the username and password.
Answer the questions below

What is the name of the first username?

What is the password for the above user?

Find a way to bypass the 2FA PIN and login into the application.
Answer the questions below
Which library is used for encryption and decryption?

Which JSON parameter was used to validate the pin?

Which encryption method is used?

Look at the response of the forbidden page after login and find a way to bypass it.
Answer the questions below
What extra header can be used to bypass the page?

Which IP is allowed to access the page?

Exploit the web app to gain access to the machine and submit the flags.
Answer the questions below
What is the name of the vulnerability used to gain system access?

What is the current system’s username?

What is the user flag?

Which user is part of the sudo group?

What is the password for the above user?

What is the root flag?