{"id":86,"date":"2021-07-03T21:46:00","date_gmt":"2021-07-03T21:46:00","guid":{"rendered":"https:\/\/thecyberstaff.com\/?p=86"},"modified":"2025-12-13T21:47:10","modified_gmt":"2025-12-13T21:47:10","slug":"pokemon-tryhackme-lab","status":"publish","type":"post","link":"https:\/\/thecyberstaff.com\/?p=86","title":{"rendered":"Pokemon- TryHackMe lab"},"content":{"rendered":"\n

oday I am working on the Gotta Catch’em All challenge from TryHackMe.com<\/a>.
<\/p>\n\n\n\n

Getting help from: https:\/\/medium.com\/@aritrachakraborty_74303\/gotta-catchem-all-a-writeup-for-ctf-style-thm-box-but-with-generic-techniques-904dc58e3890<\/a><\/p>\n\n\n\n


I got the IP address of the box and started with an Nmap scan:<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Next, I wanted to see what was open on port 80. I noticed the  http-title was “Can You Find Them All?”.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

It looks like a default Apache page, but with that http-title, I figured something was here. Next I looked at the page source:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Found credentials in the source and decided to try them with ssh as port 22 was open.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Checked the home folder with: ls -lAh<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Then running: ls -lAh *<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Next I went into the Desktop directory and started a python web server to grab that .zip file<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Manually grabbed the .zip, could have used wget: wget 10.10.238.31:8000\/P0kEmOn.zip<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

I unzipped this file and got a text file, I ran the cat command to read the contents<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

This file has hex code in it, I used cyberchef to decode the message:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Got the first flag!<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

After this, I found more credentials in another file<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Logged into Ash’s account<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I found the next flag, roots favorite Pok\u00e9mon.<\/p>\n\n\n\n

Next I searched for “fire” to get the last flag: find \/ -name ‘*fire*’ -type f 2>\/dev\/null (Too many results)<\/p>\n\n\n\n

find \/ -name ‘*fire*’ -type f 2>\/dev\/null | grep -ivE “(firefox|firewall)”<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Now that file looks interesting…<\/p>\n\n\n\n

I decode the Base64: cat \/etc\/why_am_i_here?\/fire-type.txt | base64 -d<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Got the next flag<\/p>\n\n\n\n

Next I looked in the web servers directory to see if any interesting files are there, I found the file below with some Rot13 inside.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Time to put this in cyberchef to get the flag<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

The output provided me with the last flag, this was a fun challenge!<\/p>\n","protected":false},"excerpt":{"rendered":"

oday I am working on the Gotta Catch’em All challenge from TryHackMe.com. Getting help from: https:\/\/medium.com\/@aritrachakraborty_74303\/gotta-catchem-all-a-writeup-for-ctf-style-thm-box-but-with-generic-techniques-904dc58e3890 I got the IP address of the box and started with an Nmap scan: Next, I wanted to see what was open on port 80. I noticed the  http-title was “Can You Find Them All?”. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,4],"tags":[],"class_list":["post-86","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-pentesting"],"brizy_media":[],"_links":{"self":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/86","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=86"}],"version-history":[{"count":1,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/86\/revisions"}],"predecessor-version":[{"id":87,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/86\/revisions\/87"}],"wp:attachment":[{"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=86"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=86"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecyberstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=86"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}