THM - Dreaming

A writeup for the room Dreaming on TryHackMe

Solve the riddle that dreams have woven.

Dreaming

Footprinting

We can start by scanning the machine with nmap.

nmap -sS -v MACHINE_IP

Only ports 22 and 80 are open.

If we try to open the web server in the browser, we will only find the Apache default page.

We can try to enumerate subdirectories with Gobuster hoping to find something useful.

gobuster dir -u MACHINE_IP -w /usr/share/wordlists/dirb/big.txt

If we go to /app we can see a folder called pluck.

The folder contains a Pluck instance.