Introduction Detailed walkthroughs for U.A. High School CTF challenges on TryHackMe . Summary This CTF challenge required participants to identify and exploit a hidden OS command injection vulnerability in the U.A. Superhero Academy’s website. Successful exploitation led to gaining root privileges on the system. Vulnerability The website contains a hidden functionality that allows for the execution of shell commands. This vulnerability can be exploited to gain unauthorized access to the system.

Introduction Detailed walkthrough for CyberLens CTF challenges on TryHackMe . Tools Used rustscan, ping, burpsuite, nc, metasploit, msfvenom. Enumeration Lets start the process by mapping host-name to target IP address. mapping cyberlens.thm to the target IP address When any user or application on the system tries to access cyberlens.thm, it will be directed to the IP address specified in the /etc/hosts file. Lets use rustscan for port scanning the target domain.