Hidden Deep Into my Heart
by othmane01
Hidden Deep Into my Heart is a tryhackme easy challenge in this step-by-step walk-through we’ll solve it together.
Room Link: Startup
websiteo overview :
RECON
cheking the robots.txt :
hmmmm interesting! , cupid_arrow_2026!!! might be a potential cred. let’s save it for later.
Gobuster:
gobuster dir -u http://10.49.128.59:5000/cupids_secret_vault/ -w /usr/share/wordlists/dirb/common.txt -x txt,html,php --no-error -s "200,301" -b "" -t 64
===============================================================
Gobuster v3.8.2
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://10.49.128.59:5000/cupids_secret_vault/
[+] Method: GET
[+] Threads: 64
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,301
[+] User Agent: gobuster/3.8.2
[+] Extensions: html,php,txt
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
administrator (Status: 200) [Size: 2381]
its looks like a login page :
trying admin:admin to see how the application works:
The response:
lets’ try the cred we’ve found earlier.
Et Voila
FLAG :
THM{l0v3_is_in_th3_r0b0ts_txt}
Special thanks to Tryhackme
that’s it . see you next time
