TryHackMe: Advent of Cyber - Day 14 - Dev Insecure Ops
This is a write-up for the Day 14 - Dev(Insecure)Ops challenge in the Advent of Cyber room on TryHackMe. Some tasks may have been omitted as they do not require an answer.
How many pages did the dirb scan find with its default wordlist?
Answer: 4
How many scripts do you see in the /home/thegrinch/scripts folder?
Answer: 4
What are the five characters following $6$G in pepper’s password hash?
Edit the loot.sh file to print /etc/shadow.
Wait for the CI/CD runner to update, then refresh the page.
Answer: ZUP42
What is the content of the flag.txt file on the Grinch’s user’s desktop?
Update the loot.sh file and print the contents of the flag.txt file.
Answer: DI3H4rdIsTheBestX-masMovie!
Recap
In this task we learnt about:
- CI/CD concepts
- Risks associated with CI/CD
- CI/CD exploitation vectors
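
Both loot.sh steps depend on the CI/CD runner executing a script that the logged-in user is able to edit. The shell function below is an added example, not part of the room or of this write-up's original steps. It audits a directory of scripts run by a privileged job and reports anything that an account other than the expected owner could modify. The function name `audit_scripts`, the finding labels and the "expected owner" argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit scripts that a privileged CI/CD or scheduled job executes.
# Usage: audit_scripts DIR OWNER
#   DIR   - directory holding the scripts the job runs
#   OWNER - user name or numeric uid that should own DIR and everything in it
# Prints one finding per line and returns 1 if anything was found, 0 otherwise.
audit_scripts() {
    dir=$1
    owner=$2
    findings=$(
        # Write access to the directory lets a user delete and recreate
        # any script in it, even when the script itself is read-only.
        find "$dir" -maxdepth 0 \( -perm -020 -o -perm -002 \) \
            -exec printf 'DIR_WRITABLE %s\n' {} \;
        find "$dir" -maxdepth 0 ! -user "$owner" \
            -exec printf 'DIR_OWNER %s\n' {} \;
        # Scripts writable by group or other can be edited in place.
        find "$dir" -type f \( -perm -020 -o -perm -002 \) \
            -exec printf 'FILE_WRITABLE %s\n' {} \;
        # Scripts owned by another account are writable by that account.
        find "$dir" -type f ! -user "$owner" \
            -exec printf 'FILE_OWNER %s\n' {} \;
    )
    # No findings: the job only runs code its expected owner controls.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Symbolic links are not followed by `-type f`, so a link in the directory that points at a writable file elsewhere needs a separate check.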