In this post, I would like to share some technical areas that I have to try on TryHackMe website. I’m also still learning about CyberSecurity stuff and it’s a lot website learn and power up your skills.

I want to credit this challenges to people below:

Let’s get started with the challenges!

Let deploy the machine by clicking the deploy “button”

For my case, my victim’s ip would be 10.10.211.255 as shown below:

Once you see the interface above, you will need to register the username and password. I register the username and password as “test”

Once successfully login via the username and password that you have register before.

The first question can be answered as auth where the second and third question’s answer can be seen within the value hash.

If you see the value hash, you will notice that the value have been combined with ABC and Numbers from 1-9. The digit contains 16 Hexadecimal

Source: CyberChef Github

Reference: Hexadecimal

Another thing that you will notice would be JSON is been included in the value hash which JSON is a text which we can convert any type of JavaScript object into JSON type to be sent to the server.

For the user to gain the Hexadecimal for the santa’s cookie, you need to change the username to santa’s user as shown as screenshot above.

For the last question on the day, you will need to enable all control and you see the flag for the last question as shown below: