Madness — TryHackMe Write-up | Karthikeyan
Will you be consumed by Madness?
Task 1
- User.txt
The page source at <machine-ip> contains an image link.
thm.jpg is damaged, so let's try to fix it with ghex:
sudo apt install ghex
ghex thm.jpg
The result is:
Let's navigate to /th1s_1s_h1dd3n
Let's pass the parameter ?secret=1
The page accepts the value, so let's brute-force the parameter value with Burp Suite's Intruder.
Use payload type Numbers, with From set to 0, To set to 99 and Step set to 1.
Start the attack. You will now see a request with a different length.
Let's change the value of the secret parameter to 73.
Now we have a code that we can use to extract information from the thm.jpg we already found!
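Seen from the server side, the sweep of secret values above leaves a clear trace in the web access log. The following Python detector is an added example, not part of the original write-up: it flags a client that requests many distinct values of one query parameter in a short window and reports which values returned an unusual response size. It assumes common/combined log format; the IP addresses, response sizes, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlsplit

# Common/combined access-log prefix: client, timestamp, request line, status, body size.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"[A-Z]+ (?P<url>\S+) [^"]*" \d{3} (?P<size>\d+)')

def find_param_sweeps(lines, min_values=20, window=timedelta(seconds=60)):
    """Flag clients that request many distinct values of one parameter within `window`."""
    hits = defaultdict(list)  # (ip, path, param) -> [(time, value, size)]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines in another format
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        url = urlsplit(m["url"])
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            hits[(m["ip"], url.path, name)].append((when, value, int(m["size"])))
    alerts = []
    for (ip, path, name), events in hits.items():
        events.sort(key=lambda e: e[0])
        start, most = 0, 0
        for end, (when, _, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1  # slide the window forward
            most = max(most, len({v for _, v, _ in events[start:end + 1]}))
        if most < min_values:
            continue
        # Responses whose size differs from the usual one show which value changed the page.
        usual = Counter(s for _, _, s in events).most_common(1)[0][0]
        odd = sorted({v for _, v, s in events if s != usual})
        alerts.append(dict(ip=ip, path=path, param=name, distinct_values=most, odd_size_values=odd))
    return alerts

def sample_log():
    """Constructed lines: one client sweeps secret=0..99, another sends a single request."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    lines = []
    for n in range(100):
        ts = (t0 + timedelta(milliseconds=200 * n)).strftime("%d/%b/%Y:%H:%M:%S %z")
        size = 445 if n == 73 else 407  # sizes are made up; only the difference matters
        lines.append(f'198.51.100.7 - - [{ts}] "GET /th1s_1s_h1dd3n/?secret={n} HTTP/1.1" 200 {size}')
    lines.append(f'203.0.113.9 - - [{ts}] "GET /th1s_1s_h1dd3n/?secret=1 HTTP/1.1" 200 407')
    return lines

if __name__ == "__main__":
    print(find_param_sweeps(sample_log()))
```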
steghide extract -sf thm.jpg
The password is in the picture above.
Now we have a username! It looks like an encrypted code.
The room's hint says that there is a ROT encryption, so let's try to decode it using this website.
Username: Joker, and the password is hidden inside the image which is given in the room.
Let's download the image and try to extract any information using Steghide.
Now we have the password - *axA&GF8dP
Let's log in over SSH.
Ans: THM{d5781e53b130efe2f94f9b0354a5e4ea}
2. root.txt
We search for SUID binaries with the command below, which leads us to the screen 4.5.0 exploit.
find /bin -perm -4000
nano exploit.sh
Copy the code from the screen 4.5.0 exploit into exploit.sh on the target machine and make it executable:
chmod +x exploit.sh
./exploit.sh
Now we have a root shell!
cd /root
cat root.txt
Thank you for reading!
Happy hacking!!
Author — Karthikeyan N | Cyberw1ng