Member-only story

Magician-TryHackMe

5 min readFeb 23, 2021

This is a write-up for TryHackMe’s room named Magician.Description of the room says that — This magical website lets you convert image file formats.This room can be found at:

https://tryhackme.com/room/magician

Make an entry in /etc/hosts first for “magician” as mentioned. Now Let’s start our enumeration process with nmap.

Enumeration

NMAP

nmap -sC -sV 10.10.148.85

┌──(kali㉿kali)-[/tmp]
└─$ nmap -sC -sV 10.10.148.85
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-22 09:05 EST
Nmap scan report for 10.10.148.85
Host is up (0.023s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        vsftpd 2.0.8 or later
8080/tcp open  http-proxy
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Type: application/json
|     Date: Mon, 22 Feb 2021 14:07:04 GMT
|     Connection: close
|     {"timestamp":"2021-02-22T14:07:05.669+0000","status":404,"error":"Not Found","message":"No message available","path":"/nice%20ports%2C/Tri%6Eity.txt%2ebak"}
|   GetRequest: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Type…

Magician-TryHackMe

Enumeration

Written by 0xsanz

No responses yet