envizon

Attacking the pentesters

hard

120 min

Task 1: Targeting a modern web application

You are facing an instance of the open source software "envizon" (https://github.com/evait-security/envizon), which pentesters use to visualize networks, find promising targets and a lot of other juicy stuff. It was developed by pentesters and should be almost unbreakable, right? The version used here, 4.0.2alpha, is still under active development and has not been tested for vulnerabilities yet. Your task is to find, exploit and chain vulnerabilities in a white-box approach in order to completely compromise the whole system.

You can find the source code for the current version here: https://gitlab.com/evait-security/envizon_thm

Three hints to start:

  • This is not an empty instance. Imagine that it is or was in use and therefore contains user data.
  • A note function is currently under development.
  • When looking for code execution on the system, the most obvious way is the best: it is important to understand what the application does.

The Selenium container, and with it the screenshot function, has been disabled because of its high RAM usage.

Answer the questions below
What password is used by the current envizon instance?

local.txt

root.txt

Room Type

Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!

Users in Room

1,889

Created

1735 days ago
