THM - Lookup
A writeup for the room Lookup on TryHackMe.
User flag
Footprinting
We start with an nmap scan.
Only ports 22 and 80 are open.
Looking for more details about the web server, we can see that the related domain is lookup.thm and that it is running Apache.
After adding the domain to the hosts file, we can see the related homepage.
The website consists only of a login form without any other page or anything useful inside the source code.
Analyzing the login page
Common credentials do not work, and no SQL injection seems to be present, even when testing with sqlmap.
Also, no subdirectories or subdomains seem available using Gobuster with common wordlists.
gobuster vhost -u http://MACHINE_IP --domain lookup.thm…