Wekor — TryHackMe

0xsanz
10 min readMar 9, 2021
Wekor THM

CTF challenge involving Sqli , WordPress , vhost enumeration and recognizing internal services ;) This room can be found here:

https://tryhackme.com/room/wekorra

Before starting add an entry in to /etc/hosts file on your attacking box with with the IP Address of the target we got and a name “wekor.thm”:

10.10.110.202 wekor.thm

Enumeration

NMAP

# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- wekor.thm

┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -sS -Pn -T4 -p- wekor.thm
Not shown: 65533 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p22,80 10.10.98.254

┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -O -A -Pn -T4 -p22,80 wekor.thm
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 95:c3:ce:af:07:fa:e2:8e:29:04:e4:cd:14:6a:21:b5 (RSA)
| 256 4d:99:b5:68:af:bb:4e:66:ce:72:70:e6:e3:f8:96:a4 (ECDSA)
|_ 256…

--

--

0xsanz
0xsanz

Written by 0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204,AZ500

No responses yet