THM - Include
4 min read · Mar 24, 2025
A writeup for the room Include on TryHackMe
Use your server exploitation skills to take control of a web app.
https://tryhackme.com/room/include
Footprinting
We can start by scanning the target with nmap:
nmap -sS TARGET_IP
The services on ports 4000 and 50000 could be interesting:
nmap -A -p 4000,50000 TARGET_IP
They are both web servers.
The one on port 4000 is a login page.
The service on port 50000 is an admin panel.
What is the flag value after logging in to the SysMon app?
We can try to log in to the website on port 4000 with guest:guest as credentials.