tryhackme.com Open in urlscan Pro
2606:4700:10::6816:37e4  Public Scan

Form analysis
2 forms found in the DOM

POST /material/deploy

<form class="float-right" method="post" action="/material/deploy">
  <input type="hidden" name="roomCode" value="overpass2hacked">
  <input type="hidden" name="id" value="5f179ed35d57b5338c7781b8">
  <button type="submit" class="btn btn-primary mb-3 ml-3" value="Download" disabled="">
    <i class="fas fa-cloud-download-alt mr-2"></i> Download Task Files</button>
</form>

POST /feedback

<form method="post" action="/feedback" id="roomFeedbackForm" class="d-none mt-3">
  <input type="hidden" name="_csrf" value="A0wO9eYi-jEctF3NQ1CDH2l9p20pByPDOMXI">
  <input type="hidden" name="roomCode" value="overpass2hacked">
  <input type="hidden" name="type" value="rooms">
  <input type="hidden" name="redirect" value="json">
  <div class="form-group">
    <label class="mb-0" for="like">What do you like about the room?</label>
    <textarea type="text" name="like" id="like" class="form-control"></textarea>
  </div>
  <div class="form-group">
    <label class="mb-0" for="dislike">What don't you like about the room?</label>
    <textarea type="text" name="dislike" id="dislike" class="form-control"></textarea>
  </div>
  <div class="form-group">
    <label class="mb-0" for="details">Please send your suggestions, ideas and comments!</label>
    <textarea id="details" type="text" name="details" class="form-control" style="padding: 5px;"></textarea>
  </div>
  <button type="submit" id="submitBtn" class="btn btn-success">Send Feedback</button>
</form>

Text Content

We use cookies to ensure you get the best user experience. For more information
contact us. Read more
Got it!
 * Learn
   Learn
   Hands-on Hacking
   
   Practice
   Reinforce your learning
   
   Search
   Explore over 700 rooms
 * Compete
   King of the Hill
   Attack & Defend
   
   Leaderboards
   Platform Rankings
 * For Education
   Teaching
   Use our security labs
   
   Create Labs
   Upload & Deploy VMs
 * For Business
 * Pricing

 * 
 * Login
 * Join for FREE

 * Learn
 * Compete
   King of the Hill
   Attack & Defend
   
   Leaderboards
   Platform Rankings
 * Networks
   Throwback
   Attacking Active Directory
   
   Wreath
   Network Pivoting
 * For Education
   Teaching
   Use our security labs
   
   Create Labs
   Upload & Deploy VMs
 * For Business
 * Search

 * Login
 * Join for FREE

2425



OVERPASS 2 - HACKED

Start AttackBox
Use Kali Linux
Web-based Kali Machine
Use AttackBox
Recommended
Show Split View Cloud Details Awards Help
Clone Room Writeups Reset Progress Leave

Overpass has been hacked! Can you analyse the attacker's actions and hack back
in?


To access material, start machines and answer questions login.


 * Chart
 * Scoreboard
 * Discuss
 * Writeups
 * More

Difficulty: Easy



Rank Username Total Score


DISCORD

Come join our Discord server for support or further discussions

TryHackMe - Overpass 2 - Hacked by sckull
Try Hack Me: Overpass 2 - Hacked by lightkunyagami
Overpass2 Full Walkthrough Writeup by usernotfound
Overpass 2 - Writeup by rhadamanthus
Overpass 2 - writeUp by kuroHat
Overpass 2 Writeup - THM by entombed
Overpass 2 - Writeup by laf3r
TryHackMe: Overpass 2 — Hacked Walkthrough by PlayerTwo
THM: Overpass 2 by 0xNirvana
THM: Overpass 2 hacked - Writeup by tzero86
Overpass 2 - Full walkthrough (Without Wireshark) by cmnatic
Overpass 2-Hacked Write-up by HyperNova11
TryHackMe: Overpass 2 by 0xNirvana
TryHackMe - Overpass 2 - Walkthrough by beedubz
thm/overpass2_hacked by M4t35Z
Overpass2 Writeup by DonMichele
Walk-through of Overpass 2 - Hacked by pencer
OverPass 2 - Hacked THM by ElKamPa
Overpass 2 - Hacked | Walkthrough by sAsPeCt
TryHackMe solution: Overpass 2 – Hacked by niekdang

Add Writeup
Submit

Writeups should have a link to TryHackMe and not include any passwords/cracked
hashes/flags

This is a free room, which means anyone can deploy virtual machines in the room
(without being subscribed)! 49323 users are in here and this room is 1196 days
old.





Created by NinjaJc01




Active Machine Information
Loading...
Loading...
Loading...
Loading...
0%
Task 1 Forensics - Analyse the PCAP
Download Task Files

Overpass has been hacked! The SOC team (Paradox, congratulations on the
promotion) noticed suspicious activity on a late night shift while looking at
shibes, and managed to capture packets as the attack happened.

Can you work out how the attacker got in, and hack your way back into Overpass'
production server?

Note: Although this room is a walkthrough, it expects familiarity with tools and
Linux. I recommend learning basic Wireshark and completing Linux Fundamentals as
a bare minimum.


md5sum of PCAP file: 11c3b2e9221865580295bc662c35c6dc

Answer the questions below
What was the URL of the page they used to upload a reverse shell?
Login to answer..

What payload did the attacker use to gain access?


Login to answer..
Hint

What password did the attacker use to privesc?

Login to answer..
Hint

How did the attacker establish persistence?

Login to answer..

Using the fasttrack wordlist, how many of the system passwords were crackable?

Login to answer..
Hint
Task 2 Research - Analyse the code

Now that you've found the code for the backdoor, it's time to analyse it.

Answer the questions below
What's the default hash for the backdoor?
Login to answer..
Hint

What's the hardcoded salt for the backdoor?


Login to answer..
Hint

What was the hash that the attacker used? - go back to the PCAP for this!


Login to answer..
Hint

Crack the hash using rockyou and a cracking tool of your choice. What's the
password?


Login to answer..
Hint
Task 3 Attack - Get back in!
Start Machine

Now that the incident is investigated, Paradox needs someone to take control of
the Overpass production server again.

There's flags on the box that Overpass can't afford to lose by formatting the
server!

Answer the questions below
The attacker defaced the website. What message did they leave as a heading?
Login to answer..

Using the information you've found previously, hack your way back in!

Login to answer..
Hint

What's the user flag?

Login to answer..
Hint

What's the root flag?

Login to answer..
Hint

Created by NinjaJc01

This is a free room, which means anyone can deploy virtual machines in the room
(without being subscribed)! 49323 users are in here and this room is 1196 days
old.

--------------------------------------------------------------------------------

Copyright TryHackMe 2018-2023128 City Road, London, EC1V 2NX

LEARN

 * Hacktivities
 * Leaderboards
 * Paths

DOCS

 * Teaching
 * About Us
 * Blog
 * Buy Vouchers

SOCIALS

 * Twitter
 * Email
 * Discord
 * Forum

WEB-BASED MACHINE INFORMATION

Use the web-based machine to attack other target machines you start on
TryHackMe.

 * Public IP:
 * Private IP: (Use this for your reverse shells)
 * Username:
 * Password:
 * Protocol:

--------------------------------------------------------------------------------

 * To copy to and from the browser-based machine, highlight the text and press
   CTRL+SHIFT+C or use the clipboard
 * When accessing target machines you start on TryHackMe tasks, make sure you're
   using the correct IP (it should not be the IP of your AttackBox)

×


Complete the room to earn this badge

QUESTION HINT

×


...

×




CONGRATULATIONS

You've completed the room! Share this with your friends:

EARN THE FIRST FOUR BADGE

Complete four rooms in your first week to earn the First Four badge




Share with your friends






Leave feedback

What do you like about the room?
What don't you like about the room?
Please send your suggestions, ideas and comments!
Send Feedback



TO ACCESS THIS MACHINE, YOU NEED TO EITHER

×

Use a VPN

Connect to our network via a VPN

See Instructions
or

Use the AttackBox

Use a web-based attack machine (recommended)

Start AttackBox


EXPIRING SOON

Your machine is going to expire soon. Close this and add an hour to stop it from
terminating!

Close


EXPIRED MACHINE

Your machine has expired and terminated.

Close

HOW TO ACCESS MACHINES

×

Now you've started your machine, to access it you need to either

Download your VPN configuration file and import it into a OpenVPN client

Control a web-based machine with everything you need, all from inside your
browser



×

Close

RESET YOUR PROGRESS

×
Warning You will keep your points but all your answers in this room will be
erased.
Yes, please!

CLOUD INFORMATION

×
 * Environment
 * Credentials




GENERATING YOUR CERTIFICATE

×

HEY THERE, WHAT'S YOUR NAME?

If you want your name to appear on your certificate, please fill the field
below.

Full Name

YOU'RE HERE INCOGNITO? IT'S OK!

If you chose skip, your username will be used instead!

Generate with my full name
Generate with my username
Video Solution
Writeups

Forum Post

Knowledge Base

Ask Community
Show Connection Options

To access target machines you need to either:

AttackBox

Use a browser-based attack machine

OpenVPN

Connect to our network via a VPN

View the dedicated OpenVPN access page for more information

WHAT OPERATING SYSTEM ARE YOU USING?

 * Windows
 * Linux
 * MacOS

 1. Download your OpenVPN configuration pack.
 2. Download the OpenVPN GUI application.
 3. Install the OpenVPN GUI application. Then open the installer file and follow
    the setup wizard.
 4. Open and run the OpenVPN GUI application as Administrator.
    
 5. The application will start running in the system tray. It's at the bottom of
    your screen, near the clock. Right click on the application and click Import
    File.
    
 6. Select the configuration file you downloaded earlier.
 7. Now right click on the application again, select your file and click Connect
    

 1. Download your OpenVPN configuration pack.
 2. Run the following command in your terminal: sudo apt install openvpn
 3. Locate the full path to your VPN configuration file (normally in your
    ~/Downloads folder).
 4. Use your OpenVPN file with the following command: sudo openvpn
    /path/to/file.ovpn

 1. Download your OpenVPN configuration pack.
 2. Download OpenVPN for MacOS.
 3. Install the OpenVPN GUI application, by opening the dmg file and following
    the setup wizard.
    
 4. Open and run the OpenVPN GUI application.
 5. The application will start running and appear in your top bar. Right click
    on the application and click Import File -> Local file.
    
 6. Select the configuration file you downloaded earlier.
 7. Right click on the application again, select your file and click connect.
    

HAVING PROBLEMS?

 * If you can access 10.10.10.10, you're connected.
 * Downloading and getting a 404? Go the access page and switch VPN servers.
 * Getting inline cert error? Go the access page and switch VPN servers.
 * If you are using a virtual machine, you will need to run the VPN inside that
   machine.
 * Is the OpenVPN client running as root? (On Windows, run OpenVPN GUI as
   administrator. On Linux, run with sudo)
 * Have you restarted your VM?
 * Is your OpenVPN up-to-date?
 * Only 1 OpenVPN connection is allowed. (Run ps aux | grep openvpn - are there
   2 VPN sessions running?)
 * Still having issues? Check our docs out.

ATTACKBOX

Use your own web-based linux machine to access machines on TryHackMe

To start your AttackBox in the room, click the Start AttackBox button. Your
private machine will take 2 minutes to start.

Free users get 1 free AttackBox hour. Subscribed users get more powerful
machines with unlimited deploys.

Hide IP