Cheese CTF: TryHackMe Walkthrough
Hello, everyone! In this post, we’ll be exploring the Cheese CTF room on TryHackMe, where we tackle several exciting challenges. We’ll use SQL injection to bypass a login screen, exploit a File Inclusion vulnerability to achieve Remote Code Execution (RCE), move between user accounts, and finally escalate our privileges to gain root access.
Let’s break down the approach and solve this room!
Step 1: Setting Up and Initial Recon
To get started, I created a directory for Cheese CTF on my machine. Since an nmap scan isn’t particularly necessary in this case, I skipped it after confirming that Port 80 and SSH (Port 22) were the main focus here.
Once you have the target IP, simply copy it into your browser. The website presents itself as a cheese shop with a few functionalities: Products, About Us, Contact, and Login. Most of these links lead to the same page, except for the Login, which opens a new page.
Step 2: Investigating the Web Page
I began by inspecting the page source (View Page Source) for any clues. While there wasn’t much initially, I did notice that the login link had been recently added. Despite some attempts at brute-forcing the login (using common combinations like `admin:admin`), nothing seemed to work.
So, what’s next when brute force fails? Let’s move on to SQL injection.
Step 3: SQL Injection Attack
I attempted a basic SQL injection query:
`' OR 1=1;-- -`
This didn’t work, so I tried a slight variation (you can check out different SQL injection payloads in the payloadbox/sql-injection-payload-list repository on GitHub):
`' || '1'='1';-- -`
And we get a page with the cheese shop admin panel.
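A defender's view of the two payloads from Step 3, as an added example that is not part of the original walkthrough or the room's code: a small detector run over constructed login request bodies, showing why a rule that only looks for the keyword `OR` misses the `||` variant. The field names `username` and `password` and the sample bodies are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample login POST bodies (form-encoded), not captured from the room.
SAMPLE_BODIES = [
    "username=admin&password=admin",
    "username=%27+OR+1%3D1%3B--+-&password=x",
    "username=%27+%7C%7C+%271%27%3D%271%27%3B--+-&password=x",
    "username=o%27connor&password=correct+horse",
]

# A quote closing the string literal, then a boolean operator in word or symbol
# form. In MySQL's default SQL mode, || is a synonym for OR.
BREAKOUT = re.compile(r"'\s*(?:\bor\b|\band\b|\|\||&&)", re.I)
# The same literal on both sides of '=': 1=1, '1'='1', "a"="a".
TAUTOLOGY = re.compile(r"(['\"]?)(\w+)\1\s*=\s*\1\2\1")
# Comment markers used to cut off the rest of the statement.
COMMENT = re.compile(r"--(?:\s|$)|#|/\*")

RULES = {"breakout": BREAKOUT, "tautology": TAUTOLOGY, "comment": COMMENT}


def signals(value):
    """Return the names of the injection signals present in one field value."""
    return [name for name, rx in RULES.items() if rx.search(value)]


def naive_keyword_rule(value):
    """Blacklist-style check that only knows the word OR."""
    return re.search(r"\bor\b", value, re.I) is not None


def scan(body):
    """Map each suspicious field of a form-encoded body to its signals."""
    hits = {}
    for field, value in parse_qsl(body, keep_blank_values=True):
        found = signals(value)
        # A literal breakout alone is enough; otherwise require two signals so
        # that a lone '#' in a password or an apostrophe in a name stays quiet.
        if "breakout" in found or len(found) >= 2:
            hits[field] = found
    return hits


if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(scan(body) or "clean", "<-", body)
```

Detection like this belongs in logging and alerting; the fix for the login itself is a parameterized query, which treats both payloads as plain data.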