Sustah -TryHackMe

Play a game to gain access to a vulnerable CMS. Can you beat the odds?The developers have added anti-cheat measures to their game. Are you able to defeat the restrictions to gain access to their internal CMS?

Where to find this room?

https://tryhackme.com/room/sustah

Enumeration

NMAP

# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- 10.10.59.72

# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p22,80,8085 10.10.59.72

Directory Busting

⇒ ffuf -u http://10.10.112.173:8085/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -c