To access material, start machines and answer questions login.
Score updated
Score updated
Set up your virtual environment
To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off
You are facing an instance of the open source software "envizon" (https://github.com/evait-security/envizon) which is used by pentesters to visualize networks, find promising targets and a lot of other juicy stuff. It was developed by pentesters and should be almost unbreakable, right? The version 4.0.2alpha used here is still in permanent development and has not been tested for vulnerabilities yet. Your task is to find, exploit and chain vulnerabilities in a white-box approach in order to completely compromise the whole system.
You can find the source code for the current version here: https://gitlab.com/evait-security/envizon_thm
Three hints to start:
- This is not an empty instance. Imagine that it is/was used and therefore contains user data
- Currently a note function is under development
- When looking for code execution on the system, the most obvious way is the best - it is important to understand what the application does
Selenium and with it the screenshot function has been disabled because of the high usage.
Answer the questions below
What password is used by the current envizon instance?
local.txt
root.txt
Ready to learn Cyber Security?
TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.
Already have an account? Log in
