TryHackMe Advent of cyber Day 9 Task 14 walkthrough

The platform develops virtual classrooms that not only allow users to deploy training environments with the click of a button, but also reinforce learning by adding a question-answer approach. Its a comfortable experience to learn using pre-designed courses which include virtual machines (VM) hosted in the cloud.

TryHackMe Advent of cyber Day 9 Task 14 walkthrough


While using a question-answer model does make learning easier, TryHackMe allows users to create their own virtual classrooms to teach particular topics enabling them to become teachers. This not only provides other users with rich and varied content, but also helps creators reinforce their understanding of fundamental concepts.












TryHackMe :- Click Here

Day Nine — Requests

Day 9 brings us our first scripting challenge. We’re given access to a public IP VM (on the THM network, so remember to use OpenVPN!) located at 10.10.241.214 or 10.10.112.87 and are told that it runs a webserver on Port 3000. We’re also told that the root directory of the webpage serves a file containing the JSON object: {"value":"s","next":"f"} , which gives us a value and the location of the next value. The support material for today’s challenge is once again a Google Doc. I’ve provided a step-by-step tutorial for building today’s script, and there’s a screenshot of the finished program at the end of the Day 9 write-up.
TryHackMe Advent of cyber Day 9 Task 14



Despite being told that the file just contains a single JSON object, I think it’s worth just checking for ourselves.



  curl http://10.10.169.100:3000 


But if using a web browser is preferable then that works too (note that the browser is displaying the data as a table — switch to the Raw Data tab to see what the website will actually send if request data from it):












As I understand it, a lot of people just did this challenge manually; however, it’s a lot more fun (not to mention quicker and more reliable) to do it with a simple script, so that’s what we’re doing.


Get your favourite text editor up and make a new Python ( .py ) file. If you don’t have Python installed then download it from here if you’re running Windows or Mac. Most flavours of Linux already have Python installed, but if you prefer using an IDE to code then it’s worth downloading IDLE or Visual Studio code.


We’ll go through this line by line, and I’ll post a screenshot of the finished file when we get to the end.





The first thing we need to do is import the requests library:


import requests


The requests library is used to send HTTP requests and receive responses. For this program that’s all we need it to do: send and receive.


The next thing we’re going to do is setup global variables for the host and path of the domain:


path = "/"
host = "http://10.10.169.100:3000"
These will be used during the actual requests stage — for the time being our path is just the root directory because we know that’s where the first JSON object is.

We also want to make an (empty) global array to store our answers in:



values = []


We know from the challenge description that we’re being asked to keep following the trail of JSON objects until we reach one that is {"value":"end","next":"end"} — in other words, we want to keep going until the next path in the list is /end .


Let’s set up a while loop to do this:



while path != "/end":


From this point on indentation is extremely important as the Python interpreter uses it to determine which lines are part of which statement. Everything inside the while loop has to have a single tab before it.

The next thing we need to do is request some information from the server:



response = requests.get(host+path)


This makes a GET request to the website and stores the response in a variable called response.

The next line we need is:


json_response = response.json()



Without going into too much detail, this line analyses the response for JSON data and sets it (as a dictionary) to a variable called json_response.

We now have our JSON object saved as a Python dictionary with key-value pairs. Right now our dictionary looks like this:










So, we have our data in a readable format. What are we going to do with it now?

The first thing we need to do is update our path variable so that the program knows where to look next:


path = "/" + json_response["next"]

This is setting the path variable equal to a forward slash, followed by the value stored with the “next” key from the dictionary we requested. After the first iteration of our loop, the path variable would look like this:



/f


because “f” was the letter stored in the first dictionary “next” key.

We also want to add the value to our list of values — but only if the value isn’t end :


 
if path != "/end":
        values.append(json_response["value"])



We already decoded the “next” value and set it to the path, so if we test path to be equal to /end we know that the next value was “end”. In the above statement, if the path is anything other than /end the value in the “value” key of the dictionary will get added to our list of values.


Finally (outside the while loop), we use:


print("".join(values))


which outputs the values array (joined together as a string) to give us our answer to the only question for Day9. The final program should look like this:

Full Program

#!/usr/bin/python3

import requests
path = "/"
host = "http://10.10.169.100:3000"
values = []

while path != "/end":
   response = requests.get(host+path)
   json_response = response.json()
   path = "/" + json_response["next"]
   if path != "/end":
        values.append(json_response["value"])
print("".join(values))




When we run the program, we should be given our sole answer for the day:










python request.py





  Program returns the flag




Video Tutorial :-



   

Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.






I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)