Wekor — TryHackMe

0xsanz
10 min readMar 9, 2021
Wekor THM

CTF challenge involving Sqli , WordPress , vhost enumeration and recognizing internal services ;) This room can be found here:

https://tryhackme.com/room/wekorra

Before starting add an entry in to /etc/hosts file on your attacking box with with the IP Address of the target we got and a name “wekor.thm”:

10.10.110.202 wekor.thm

Enumeration

NMAP

# Identify the list of services running on the target machine
⇒ sudo nmap -sS -Pn -T4 -p- wekor.thm

┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -sS -Pn -T4 -p- wekor.thm
Not shown: 65533 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

# Perform further information gathering on the open ports identified above
⇒ sudo nmap -O -A -Pn -T4 -p22,80 10.10.98.254

┌──(kali㉿kali)-[/tmp]
└─$ sudo nmap -O -A -Pn -T4 -p22,80 wekor.thm
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 95:c3:ce:af:07:fa:e2:8e:29:04:e4:cd:14:6a:21:b5 (RSA)
| 256 4d:99:b5:68:af:bb:4e:66:ce:72:70:e6:e3:f8:96:a4 (ECDSA)
|_ 256 0d:e5:7d:e8:1a:12:c0:dd:b7:66:5e:98:34:55:59:f6 (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-robots.txt: 9 disallowed entries
| /workshop/ /root/ /lol/ /agent/ /feed /crawler /boot
|_/comingreallysoon /interesting
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).

Browsing through all the entries in robots.txt, found one website at:

http://wekor.thm/it-next/it_blog.php

Also let brute force directories for http://wekor.thm/it-next

FFUF

┌──(kali㉿kali)-[/opt/tools]
└─$ ffuf -u http://wekor.thm/it-next/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e .html,.php,.txt -c
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \…
0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204