Task 1: Targeting a modern web application
Task includes a deployable machine
You are facing an instance of the open-source software "envizon" (https://github.com/evait-security/envizon), which is used by pentesters to visualize networks, find promising targets and a lot of other juicy stuff. It was developed by pentesters and should be almost unbreakable, right? The version used here, 4.0.2alpha, is still in permanent development and has not been tested for vulnerabilities yet. Your task is to find, exploit and chain vulnerabilities in a white-box approach in order to completely compromise the whole system.
You can find the source code for the current version here: https://gitlab.com/evait-security/envizon_thm
Three hints to start:
- This is not an empty instance. Imagine that it is/was used and therefore contains user data.
- A note function is currently under development.
- When looking for code execution on the system, the most obvious way is the best. It is important to understand what the application does.
The Selenium container, and with it the screenshot function, has been disabled because of its high RAM usage.
Answer the questions below
What password is used by the current envizon instance?
local.txt
root.txt
Room Type
Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!
Users in Room
1,889
Created
1735 days ago