Anthem Walkthrough — TryHackMe

Anthem !!!!
scan results

We could see that it is a Windows machine, with a Windows server running and Remote Desktop Protocol running.

The next step was to enumerate robots.txt.

web blog running

ROBOTS.TXT

We could see the Disallow entries, so Umbraco is the CMS, and I thought it would be the foothold to enter the server.

Let's enumerate the blog further to get usernames and flags, because we didn't find any working exploit for Umbraco.

Found the first flag inside the first page's source.

The second flag was found along with an existing user, janedoe, and an email, JD@anthem.com (that's a short form of janedoe).

We found a password, UmbracoIsTheBest!, in robots.txt, but that didn't work for the Jane Doe email.
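A defender-side check for the two robots.txt problems seen in this walkthrough (a stray line holding a password, and Disallow paths that name the CMS), as an added example that is not part of the original post. The `audit_robots` function, the fingerprint list and the sample file are assumptions constructed for illustration.

```python
import re

# Directives that crawlers recognise; any other non-comment line is stray text.
KNOWN = {"user-agent", "disallow", "allow", "sitemap", "crawl-delay", "host"}
# Hypothetical fingerprint list: path prefixes that reveal the product in use.
FINGERPRINTS = {"/umbraco": "Umbraco", "/wp-admin": "WordPress",
                "/administrator": "Joomla"}

def audit_robots(text):
    """Return (line_no, kind, detail) findings for a robots.txt body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments before parsing
        if not line:
            continue
        m = re.match(r"([A-Za-z-]+)\s*:\s*(.*)$", line)
        if not m or m.group(1).lower() not in KNOWN:
            # Not a directive: notes, credentials or leftovers, world-readable.
            findings.append((no, "stray-line", line))
            continue
        field, value = m.group(1).lower(), m.group(2).strip()
        if field == "disallow":
            for prefix, product in FINGERPRINTS.items():
                if value.lower().startswith(prefix):
                    findings.append((no, "discloses-cms", f"{product} via {value}"))
    return findings

# Constructed sample modelled on what the walkthrough describes.
SAMPLE = """\
UmbracoIsTheBest!
# Use for all search robots
User-agent: *
Disallow: /bin/
Disallow: /config/
Disallow: /umbraco/
Disallow: /umbraco_client/
"""

if __name__ == "__main__":
    for finding in audit_robots(SAMPLE):
        print(finding)
```

Run it against the robots.txt of sites you operate; a stray-line finding means the text should be removed and any credential in it rotated.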

Further enumerated the blog

There was a poem.

I copied the poem and pasted it into a Google search, and I got the repeated name Solomon Grundy. That name has the two initials SG, so I thought of using SG@anthem.com with the password found in robots.txt.

I was able to log in to Umbraco!

Let's try the same creds for Remote Desktop.

HURRAY, I WAS ABLE TO LOG IN TO THE SYSTEM

After all the enumeration, I found some hidden directories on Local Disk C.

But I was not able to read restore.txt. I checked its permissions and I was not a user added to it, so I can edit it and add myself to the permission group.

Added to the group

Then I was able to read restore.txt.

Password for administrator
Got ROOT

I was able to log in as Administrator.

Vigneshwar DK