Decided to formally create a write-up for my tryhackme journey. This is not in sequence, writing from my memory so every section are labeled by their titles in THM.
--
[Introduction to Web Hacking]
As the attackbox was really slow, I decided to switch to my archlinux machine (was using my windows workstation before).
Setting up OpenVPN in my arch was a smooth-sailing experience (completely oblivious to the absurd errors I'll encounter the next few hours.) I'm completely writing this from my memory so I hope I could remember the fixes I did for my machine and ridiculous errors I encountered.
After downloading OpenVPN on my machine, sudo pacman -Syu openvpn, we connected to the THM by sudo openvpn ~/Downloads/username.ovpn.
Encountered an error, and by changing the username.ovpn to the name of the server, sudo openvpn ~/Downloads/EU-VIP-2.ovpn, the connection was a success.
In the section #[Content Discovery], there was this tricky error since this was my first time using arch with ffuf tool. And keep in mind that I am not using the attackbox, so configurations were manually added.
At first error:/usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt not found,
I have to download these packages from AUR, and pacman does not directly download those packages using pacman -S.
git clone https://aur.archlinux.org/ffuf.git
cd ffuf
makepkg -si
is the easiest way to download packages from AUR. There were hiccups at first, like AUR being unreachable. Tried to ping it, and it was unreachable but after restarting my machine and pinging google, making sure I can reach other sites, AUR finally was reachable.
Make sure that the wordlists package is also installed, which is also in AUR. The very tricky part here which I finally cracked after some forum hopping is that the default path might be different, not the ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://MACHINE_IP/FUZZ in THM. I found this while simultaneously solving why the GNU default command locate wasn't working.
sudo pacman -S mlocate
updatedb
And finally, found the path after executing locate common.txt which was /usr/share/wordlists/dirb/common.txt.
And after all those errors, found the answers to:
What is the name of the directory beginning "/mo...." that was discovered?
monthly
What is the name of the log file that was discovered?
development.log
As I wasn't using the default attackbox, it was fun solving these errors.
Top comments (0)