Posts Tryhackme - Gotta Catch'em All!
Post
Cancel

Tryhackme - Gotta Catch'em All!


Gotta Catch'em All! is a easy room in Tryhackme which is based on the pokemon series. The objective is to get the pokemon flags.


cover_image

AuthorGhostlyPy
DescriptionThis room is based on the original Pokemon series. Can you obtain all the Pokemon in this room?

Deploy the VM and lets go.

Enumeration


Let’s start with a nmap scan.
nmap_scan
I checked the http service and I noticed the logo for the apache2 was missing.
apache_2
So, I checked the source page and found this.
ssh_creds
I tried this credentials for the ssh service and it worked.

Grass flag


After logging into ssh I found a zip file in the dir /Desktop.
zip_file
I unzipped the file.

unzip file-name.zip


unzip_file
After reading the file inside the inflated directory I found that it is hex encoded.
grass_type
I decoded it using cyberchef.
grass_flag
That’ll give the answer to the first question.

Water flag


Following the first flag, I figured the naming pattern and just used locate to get the flags location.

locate water-type.txt


water_type
Again, I used cyberchef to decode the text but this time it was rot13 cipher with a key of 14.
water_flag

Fire flag


Again, I used the same locate command to get the location of the flag.
fire_type
I used the command line base64 tool to decode the text.

 echo "base64-content" | base64 -d


fire_flag

Roots flag


I had no luck with the locate command this time. So, I manually searched through the directories. And finally, I found this file which had the password for the user ash.
ash_passwd
Then I changed the user to ash.

su ash


I found the roots flag in the /home directory.
root_flag
Viola!! We got all the flags.

That’s it folks. Happy hacking!!!

This post is licensed under CC BY 4.0 by the author.