CyberHeroes
https://tryhackme.com/room/cyberheroes
Nmap
With only port 80 open we browse to the root page for CyberHeros.
Running the web site through ZAP proxy with attack mode enabled reveals several pages. Viewing the response results for /login.html reveals a potential user name and password. We see the password is assigned the value #undefined#undefinedRevereString".
Using the command line we are able to reverse the string.
To reveal the correct password for the user h3ck3rBoi where, we can then grab the room flag.
Last updated