Open in app

Sign in

Write

Sign in

TryHackMe Chocolate Factory Write Up (Beginner Friendly)

Cursemagic
4 min readJan 18, 2021

--

Hi, today I would like to share a write up about the Chocolate Factory room created by 0x9747 saharshtapi and AndyInfoSec on the TryHackMe platform. Let’s begin!

Link to TryHackMe’s Chocolate Factory room: https://tryhackme.com/room/chocolatefactory

START

Go to the link.

Now we can run gobuster to see what directory we can access.

Seems we do not have any luck. Now let’s try Nmap.

nmap -p- -T4 -sV -sC <MACHINE-IP>

We slowly go through and we can found a port with special indication.

Go to the link and it seems we can download a file.

I use a program to get the hex for the file and I found the string.

Stegoveritas

Run stegoveritas and we will have a file that contains a bunch of letters inside.

We copy it and put it into CyberChef and use Base64 to decode it and we can get useful information.

I use john to crack the hash and yes, it works! We have the password!

Now let’s try to log in.

Yes, we are in! There is a small box for users to enter the command.

I tried ls. And we have:

Now let’s try reverse shell.

We have it!

User.txt

Now let’s search for user.txt.

Oh No, it seems we do not have the privilege to do so. So, I run:

find / -perm -4000 2>/dev/null

I don't see anything that we can use to escalate. But I suddenly realize that there is one weird file. Yes, teleport.

Bingo! I then copy and paste it into a text file. Then, chmod 400 to the file and use it to login as charlie.

And we logged in as charlie!

Now display the user.txt!

Ok. Now it’s time for root.txt

Root.txt

Run sudo -l. And we got:

We can use vi to escalate our privilege.

Go to GTFOBins and get the line to exploit.

YES! We got root access!

Now final and most satisfying part, get root.txt.

It is a python program. It requires the user to enter a string to decode the message. So, I tried to use the string found earlier.

Yes, We are done!

Thank you for reading my write-up for this room. This is pretty easy as the challenge is quite straight forward. But still, it is quite fun!

###########################################

Anyone who would like to sponsor me vouchers or anything is greatly appreciated! XD

###########################################

Tryhackme
Beginner Friendly
Writeup

--

--

Cursemagic
Cursemagic

Written by Cursemagic

15 Followers
1 Following

Just learning, together we are strong.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams