CyberHeroes is an easy rated box on Try Hack Me.


Room Hints
  • Have you reviewed the source code?


Full Walkthrough

Task 1 - Uncover the Flag

First, let’s enumerate the open ports with:


CyberHeroes threader3000

Once complete, let it complete it’s recommended nmap scan.

CyberHeroes nmap

It appears that the only thing hosted is a website on port 80, let’s take a look at it.

CyberHeroes website

The login page presents us with a screen similar to the following:

CyberHeroes website

I looked at the source code, and it appears that the login is calling the authenticate() function from a script in the source code. This code has the login credentials present in plain text in them (although the password has to be reversed).

CyberHeroes website source code

Now that we have the credentials, let’s login:

CyberHeroes website login

We should now see the flag for this challenge!

CyberHeroes website flag