THM - Crylo

7 min read · Apr 22, 2025

A writeup for the room Crylo on TryHackMe

Learn about the CryptoJS library and JavaScript-based client-side encryption and decryption.

Task 1 - Enumeration

How many ports are open?

After starting the machine, we can do a scan with nmap to find the first answer.

nmap -sS -p- -v MACHINE_IP

What is the 403/forbidden web page?

Look at the website in the browser and check the source code.

All available pages return a 404 error.

Nothing seems interesting, so we can try using gobuster to enumerate possible subfolders.

It is important to set the -s flag so that results with status code 403 are also reported.

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
-x php,txt,html,css,js -q -s "200,403" -u WEBSITE_URL


Written by Francesco Pastore

An engineering student in Milan and a web developer for an IT company. Writes about programming and cybersecurity topics.
