Beginner and Easy CTF | TryHackme Wgel CTF

This post is a detailed walkthrough of the Wiggle CTF challenge on TryHackMe. The objective of this Capture The Flag (CTF) exercise is to extract two flags (user and root) from the target system. The walkthrough focuses on enumeration, directory scanning, exploiting vulnerabilities, and strategic file exploration.

HackTheBox CPTS Study Notes

OSCP Study Notes

Key Steps and Methodology:

1. Initial Reconnaissance:
   • Nmap Scan:
     • Scanned for open ports.
     • Identified open ports: 22 (SSH) and 80 (HTTP).
   • Aggressive scan revealed version details and services.
2. Web Server Enumeration:
   • Exploring Port 80:
     • Found an Apache default page.
     • Used gobuster to enumerate directories.
     • Discovered /sitemap/ and /sl.SSH/ directories.
3. Exploitation:
   • Found a private key (id_rsa) in /sl.SSH/.
   • Discovered a username (Jesse) in the HTML source code of the Apache default page.
   • Used the username and private key to access the system via SSH.
4. User Flag Retrieval:
   • Explored the system post-login as Jesse.
   • Used the find command to locate the user flag file in ~/documents.
   • Extracted and displayed the user flag.
5. Root Flag Retrieval:
   • Privilege Escalation:
     • Identified sudo permissions for wget without a password.
   • Guessed the root flag file name and directory (/root/root_uncore_flag) using trial and error.
   • Created a listener with netcat and used wget to send the root flag content to the listener.

Key Takeaways:

• Enumeration is crucial in CTF challenges.
• The walkthrough highlights common tools like Nmap, gobuster, and find.
• Strategic guessing combined with privilege escalation helps overcome limited permissions.
• Properly analyzing available clues, such as comments in source code and directory names, can lead to successful exploitation.

TryHackMe Wgel CTF | Room Answers

User flag
057c67131c3d5e42dd5cd3075b198ff6

Root flag

b1b968b37519ad1daa6408188649263d

Video Walkthrough