tryhackme.com
Open in
urlscan Pro
2606:4700:10::6816:37e4
Public Scan
URL:
https://tryhackme.com/room/overpass2hacked
Submission: On November 23 via manual from IE — Scanned from DE
Submission: On November 23 via manual from IE — Scanned from DE
Form analysis
2 forms found in the DOMPOST /material/deploy
<form class="float-right" method="post" action="/material/deploy">
<input type="hidden" name="roomCode" value="overpass2hacked">
<input type="hidden" name="id" value="5f179ed35d57b5338c7781b8">
<button type="submit" class="btn btn-primary mb-3 ml-3" value="Download" disabled="">
<i class="fas fa-cloud-download-alt mr-2"></i> Download Task Files</button>
</form>
POST /feedback
<form method="post" action="/feedback" id="roomFeedbackForm" class="d-none mt-3">
<input type="hidden" name="_csrf" value="A0wO9eYi-jEctF3NQ1CDH2l9p20pByPDOMXI">
<input type="hidden" name="roomCode" value="overpass2hacked">
<input type="hidden" name="type" value="rooms">
<input type="hidden" name="redirect" value="json">
<div class="form-group">
<label class="mb-0" for="like">What do you like about the room?</label>
<textarea type="text" name="like" id="like" class="form-control"></textarea>
</div>
<div class="form-group">
<label class="mb-0" for="dislike">What don't you like about the room?</label>
<textarea type="text" name="dislike" id="dislike" class="form-control"></textarea>
</div>
<div class="form-group">
<label class="mb-0" for="details">Please send your suggestions, ideas and comments!</label>
<textarea id="details" type="text" name="details" class="form-control" style="padding: 5px;"></textarea>
</div>
<button type="submit" id="submitBtn" class="btn btn-success">Send Feedback</button>
</form>
Text Content
We use cookies to ensure you get the best user experience. For more information contact us. Read more Got it! * Learn Learn Hands-on Hacking Practice Reinforce your learning Search Explore over 700 rooms * Compete King of the Hill Attack & Defend Leaderboards Platform Rankings * For Education Teaching Use our security labs Create Labs Upload & Deploy VMs * For Business * Pricing * * Login * Join for FREE * Learn * Compete King of the Hill Attack & Defend Leaderboards Platform Rankings * Networks Throwback Attacking Active Directory Wreath Network Pivoting * For Education Teaching Use our security labs Create Labs Upload & Deploy VMs * For Business * Search * Login * Join for FREE 2425 OVERPASS 2 - HACKED Start AttackBox Use Kali Linux Web-based Kali Machine Use AttackBox Recommended Show Split View Cloud Details Awards Help Clone Room Writeups Reset Progress Leave Overpass has been hacked! Can you analyse the attacker's actions and hack back in? To access material, start machines and answer questions login. * Chart * Scoreboard * Discuss * Writeups * More Difficulty: Easy Rank Username Total Score DISCORD Come join our Discord server for support or further discussions TryHackMe - Overpass 2 - Hacked by sckull Try Hack Me: Overpass 2 - Hacked by lightkunyagami Overpass2 Full Walkthrough Writeup by usernotfound Overpass 2 - Writeup by rhadamanthus Overpass 2 - writeUp by kuroHat Overpass 2 Writeup - THM by entombed Overpass 2 - Writeup by laf3r TryHackMe: Overpass 2 — Hacked Walkthrough by PlayerTwo THM: Overpass 2 by 0xNirvana THM: Overpass 2 hacked - Writeup by tzero86 Overpass 2 - Full walkthrough (Without Wireshark) by cmnatic Overpass 2-Hacked Write-up by HyperNova11 TryHackMe: Overpass 2 by 0xNirvana TryHackMe - Overpass 2 - Walkthrough by beedubz thm/overpass2_hacked by M4t35Z Overpass2 Writeup by DonMichele Walk-through of Overpass 2 - Hacked by pencer OverPass 2 - Hacked THM by ElKamPa Overpass 2 - Hacked | Walkthrough by sAsPeCt TryHackMe solution: Overpass 2 – Hacked by niekdang Add Writeup Submit Writeups should have a link to TryHackMe and not include any passwords/cracked hashes/flags This is a free room, which means anyone can deploy virtual machines in the room (without being subscribed)! 49323 users are in here and this room is 1196 days old. Created by NinjaJc01 Active Machine Information Loading... Loading... Loading... Loading... 0% Task 1 Forensics - Analyse the PCAP Download Task Files Overpass has been hacked! The SOC team (Paradox, congratulations on the promotion) noticed suspicious activity on a late night shift while looking at shibes, and managed to capture packets as the attack happened. Can you work out how the attacker got in, and hack your way back into Overpass' production server? Note: Although this room is a walkthrough, it expects familiarity with tools and Linux. I recommend learning basic Wireshark and completing Linux Fundamentals as a bare minimum. md5sum of PCAP file: 11c3b2e9221865580295bc662c35c6dc Answer the questions below What was the URL of the page they used to upload a reverse shell? Login to answer.. What payload did the attacker use to gain access? Login to answer.. Hint What password did the attacker use to privesc? Login to answer.. Hint How did the attacker establish persistence? Login to answer.. Using the fasttrack wordlist, how many of the system passwords were crackable? Login to answer.. Hint Task 2 Research - Analyse the code Now that you've found the code for the backdoor, it's time to analyse it. Answer the questions below What's the default hash for the backdoor? Login to answer.. Hint What's the hardcoded salt for the backdoor? Login to answer.. Hint What was the hash that the attacker used? - go back to the PCAP for this! Login to answer.. Hint Crack the hash using rockyou and a cracking tool of your choice. What's the password? Login to answer.. Hint Task 3 Attack - Get back in! Start Machine Now that the incident is investigated, Paradox needs someone to take control of the Overpass production server again. There's flags on the box that Overpass can't afford to lose by formatting the server! Answer the questions below The attacker defaced the website. What message did they leave as a heading? Login to answer.. Using the information you've found previously, hack your way back in! Login to answer.. Hint What's the user flag? Login to answer.. Hint What's the root flag? Login to answer.. Hint Created by NinjaJc01 This is a free room, which means anyone can deploy virtual machines in the room (without being subscribed)! 49323 users are in here and this room is 1196 days old. -------------------------------------------------------------------------------- Copyright TryHackMe 2018-2023128 City Road, London, EC1V 2NX LEARN * Hacktivities * Leaderboards * Paths DOCS * Teaching * About Us * Blog * Buy Vouchers SOCIALS * Twitter * Email * Discord * Forum WEB-BASED MACHINE INFORMATION Use the web-based machine to attack other target machines you start on TryHackMe. * Public IP: * Private IP: (Use this for your reverse shells) * Username: * Password: * Protocol: -------------------------------------------------------------------------------- * To copy to and from the browser-based machine, highlight the text and press CTRL+SHIFT+C or use the clipboard * When accessing target machines you start on TryHackMe tasks, make sure you're using the correct IP (it should not be the IP of your AttackBox) × Complete the room to earn this badge QUESTION HINT × ... × CONGRATULATIONS You've completed the room! Share this with your friends: EARN THE FIRST FOUR BADGE Complete four rooms in your first week to earn the First Four badge Share with your friends Leave feedback What do you like about the room? What don't you like about the room? Please send your suggestions, ideas and comments! Send Feedback TO ACCESS THIS MACHINE, YOU NEED TO EITHER × Use a VPN Connect to our network via a VPN See Instructions or Use the AttackBox Use a web-based attack machine (recommended) Start AttackBox EXPIRING SOON Your machine is going to expire soon. Close this and add an hour to stop it from terminating! Close EXPIRED MACHINE Your machine has expired and terminated. Close HOW TO ACCESS MACHINES × Now you've started your machine, to access it you need to either Download your VPN configuration file and import it into a OpenVPN client Control a web-based machine with everything you need, all from inside your browser × Close RESET YOUR PROGRESS × Warning You will keep your points but all your answers in this room will be erased. Yes, please! CLOUD INFORMATION × * Environment * Credentials GENERATING YOUR CERTIFICATE × HEY THERE, WHAT'S YOUR NAME? If you want your name to appear on your certificate, please fill the field below. Full Name YOU'RE HERE INCOGNITO? IT'S OK! If you chose skip, your username will be used instead! Generate with my full name Generate with my username Video Solution Writeups Forum Post Knowledge Base Ask Community Show Connection Options To access target machines you need to either: AttackBox Use a browser-based attack machine OpenVPN Connect to our network via a VPN View the dedicated OpenVPN access page for more information WHAT OPERATING SYSTEM ARE YOU USING? * Windows * Linux * MacOS 1. Download your OpenVPN configuration pack. 2. Download the OpenVPN GUI application. 3. Install the OpenVPN GUI application. Then open the installer file and follow the setup wizard. 4. Open and run the OpenVPN GUI application as Administrator. 5. The application will start running in the system tray. It's at the bottom of your screen, near the clock. Right click on the application and click Import File. 6. Select the configuration file you downloaded earlier. 7. Now right click on the application again, select your file and click Connect 1. Download your OpenVPN configuration pack. 2. Run the following command in your terminal: sudo apt install openvpn 3. Locate the full path to your VPN configuration file (normally in your ~/Downloads folder). 4. Use your OpenVPN file with the following command: sudo openvpn /path/to/file.ovpn 1. Download your OpenVPN configuration pack. 2. Download OpenVPN for MacOS. 3. Install the OpenVPN GUI application, by opening the dmg file and following the setup wizard. 4. Open and run the OpenVPN GUI application. 5. The application will start running and appear in your top bar. Right click on the application and click Import File -> Local file. 6. Select the configuration file you downloaded earlier. 7. Right click on the application again, select your file and click connect. HAVING PROBLEMS? * If you can access 10.10.10.10, you're connected. * Downloading and getting a 404? Go the access page and switch VPN servers. * Getting inline cert error? Go the access page and switch VPN servers. * If you are using a virtual machine, you will need to run the VPN inside that machine. * Is the OpenVPN client running as root? (On Windows, run OpenVPN GUI as administrator. On Linux, run with sudo) * Have you restarted your VM? * Is your OpenVPN up-to-date? * Only 1 OpenVPN connection is allowed. (Run ps aux | grep openvpn - are there 2 VPN sessions running?) * Still having issues? Check our docs out. ATTACKBOX Use your own web-based linux machine to access machines on TryHackMe To start your AttackBox in the room, click the Start AttackBox button. Your private machine will take 2 minutes to start. Free users get 1 free AttackBox hour. Subscribed users get more powerful machines with unlimited deploys. Hide IP