CyberHeroes TryHackMe Writeup Introduction CyberHeroes is a beginner-level TryHackMe room focused on breaking weak client-side authentication by inspecting exposed web logic. The goal is to find a way to log in using what the application itself reveals. Room link: https://tryhackme.com/room/cyberheroes Initial Reconnaissance I started with a basic Nmap scan to understand what services were exposed on the target. ~$ nmap -sV 10.48.153.105 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.48 ((Ubuntu)) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel There are two services running: SSH on port 22 HTTP on port 80 Web Exploitation Since port 80 was open, I navigated to it directly in the browser. The…
CyberHeroes TryHackMe Writeup Introduction CyberHeroes is a beginner-level TryHackMe room focused on breaking weak client-side authentication by inspecting exposed web logic. The goal is to find a way to log in using what the application itself reveals. Room link: https://tryhackme.com/room/cyberheroes Initial Reconnaissance I started with a basic Nmap scan to understand what services were exposed on the target. ~$ nmap -sV 10.48.153.105 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.48 ((Ubuntu)) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel There are two services running: SSH on port 22 HTTP on port 80 Web Exploitation Since port 80 was open, I navigated to it directly in the browser. The landing page turned out to be a simple index page with three tabs, including an About section and a Login page. The login page displayed a familiar challenge message inviting me to prove my hacking skills. With no credentials available upfront, I checked the page source and came across the following JavaScript block: This is where everything clicked. The script validates the input by checking a hardcoded username and a reversed password string. if (a.value==“h3ck3rBoi” & b.value==RevereString(“54321@terceSrepuS”)) Reversing the string reveals the password as SuperSecret@12345. With that, the required credentials became clear. Username h3ck3rBoi Password SuperSecret@12345 Capturing the Flag After logging in with the above credentials, the page returned the flag. flag{edb0be532c540b1a150c3a7e85d2466e} Conclusion CyberHeroes was a short but clean room that reinforced a core lesson I keep coming back to: never ignore what the client side is doing. A simple look at exposed JavaScript was enough to break the authentication logic and reach the goal. No noise, no detours, just paying attention to what was already in plain sight. Thanks for taking the time to read this walkthrough. If you found it useful and want more TryHackMe writeups like this, you can check out my GitHub repository here: TryHackMe walkthrough More rooms, more notes, same hands-on approach. CyberHeroes THM Writeup was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.