Crylo
Learn about the CryptoJS library and JavaScript-based client-side encryption and decryption.
medium
60 min
2,598
Room progress ( 0% )
To access material, start machines and answer questions login.
Task 1Enumeration
Task includes a deployable machine
You have the IP address of your target. The goal is to find open ports and services to enumerate.
Answer the questions below
How many ports are open?
What is the 403/forbidden web page?
Task 2Injection
The goal is to find a way to bypass the login. Find the username and password.
Answer the questions below
What is the name of the first username?
What is the password for the above user?
Task 3Encryption
Find a way to bypass the 2FA PIN and login into the application.
Answer the questions below
Which library is used for encryption and decryption?
Which JSON parameter was used to validate the pin?
Which encryption method is used?
Task 4Forbidden Bypass
Look at the response of the forbidden page after login and find a way to bypass it.
Answer the questions below
What extra header can be used to bypass the page?
Which IP is allowed to access the page?
Task 5Exploitation
Exploit the web app to gain access to the machine and submit the flags.
Answer the questions below
What is the name of the vulnerability used to gain system access?
What is the current system’s username?
What is the user flag?
Which user is part of the sudo group?
What is the password for the above user?
What is the root flag?
Ready to learn Cyber Security? Create your free account today!
TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.
Already have an account? Log in