TryHackMe |Anthem Walkthrough

4 min readJun 9, 2021

A beginner-level windows CTF challenge.

This walkthrough is written as a part of the Master certificate in cybersecurity (Red Team) that I am pursuing from HackerU

Reconnaissance

Starting with an nmap scan .

nmap -sS -sV -A <IP>

We discover 2 open ports 80 and 3389. There is port 80 open so it means there should a website.

Let's see what the website has for us.

We can find our first couple of flags just by looking through the pages and checking the page source. Along with that sets run dirbuster to find the web directories.

Checking robots.txt

Here can have some juicy stuff and another flag.

So we know UmbracoIsTheBest! is a possible password for some login

On one of the pages, we see this poem.

On further googling, we find that the author of this poem is Solomon Grundy

On one of the pages, we saw the email id of Author Jane Doe as JD@anthem.com

So it made sense that the email id for Solomon grundy would be also SG@anthem.com

Checking the source code

http://<IP>/archive/we-are hiring/ > view source code

http://<IP>/archive/a-cheers-to-our-itdepartments/ > view source code

http://<IP>/authors/jane-doe/

http://<IP>/archive/a-cheers-to-our-it-departmenst/ > view source code

Finding the main flags

As we already know that we have a remote desktop port 3389 open, we use the already found credentials to log in.

Username — SG

Password — UmbracoIsTheBest!

rdesktop -u SG -p UmbracoIsTheBest! <IP>

Here we have our user flag.

Now our root flag is hidden. There is a backup folder that has the password required to access the Administrator folder. Enable hidden items folder to view it.