Pretty tough room today playing Capture the Flag – Daily Bugle over on Tryhackme. The room had a fun Spiderman Theme.

This room was rated HARD, but TBH I didn’t think it was that bad. I would consider it an Intermediate room. There were a few things that made it harder than usual however, so I’ll try to go over that a bit.

There were almost no notes to work from, it was more or less ‘Here is the server, hack it’. This made it quite a bit more challenging.

Another issue was scanning with SQLMap didn’t reveal anything with a normal scan, but there was a cryptic note about SQLi vulnerabilities so what else can you do but press on.

Finding the version of Joomla, the sites’ CMS, was extremely helpful because we could find a great Python scripted exploit to get in.

The rest was pretty much downhill until the very end. The exploit for yum required an RPM, but there’s no fpm for Kali.. that’s more for Redhat RPMs. But, I did find a way to do it using a ruby gem called fpm.

Bookmark this and install it, because you will need it one day I promise: https://fpm.readthedocs.io/en/v1.10.2/source/gem.html

For that matter, I suggest you install Golang, and Ruby if you haven’t already. Those are both extremely good and useful languages. If Ghandi was a programming language he would have been Ruby 😛

Anyway that was a little caveat that I’m sure has caught a few people out. You can check out my full notes for this room over on my github here:

https://github.com/c0ri/PentestingDocs/blob/main/CTFs/THM/Daily%20Bugle.md

Have some thoughts on this room? I’d love to hear your story!

Like what I do? https://www.buymeacoffee.com/c0ri