TakeOver — Tryhackme Writeup
Takeover is a tryhackme room based on subdomain takeover. It is an easy room and I had a lot of fun solving it
Intoduction
“Hello there,
I am the CEO and one of the co-founders of futurevera.thm. In Futurevera, we believe that the future is in space. We do a lot of space research and write blogs about it. We used to help students with space questions, but we are rebuilding our support.
Recently blackhat hackers approached us saying they could takeover and are asking us for a big ransom. Please help us to find what they can takeover.
Our website is located at https://futurevera.thm
Hint: Don’t forget to add the Machine IP in /etc/hosts for futurevera.thm ; )”
Nmap Scan
I started with a basic nmap scan and got the results as follows:
We can see many ports are open, I started with the HTTPS (port 443) as the HTTP port redirects to “https://futurevera.thm”. First we have to save the domain name in the /etc/hosts file. My /etc/hosts file looks something like this.
We can no visit the webpage by going to “https://futurevera.thm”.
Enumeration
I started with subdomain enumeration as the name of the room is Takeover so I thought maybe that is what the room is pointing at. I used ffuf for subdomain enumeration and got these subdomains.
Note: I have filter sizes as i got errors for those sizes.
Make changes in your /etc/hosts file and go to the websites.
On the support website I checked the certificate of the website and I found a DNS name.
Again make changes to the /etc/hosts file by adding the subdomain we found. By going to that URL we can see the flag in the subdomain.
This was all about the TakeOver room from TryHackMe. Finding the final DNS name from the SSL Certificate was a little bit tricky for me but had a lot of fun solving these challenges.
TryHackme id — https://tryhackme.com/p/anish833
Hope you have learned something new from this write-up.
Happy Hacking !!!
