💘 Hidden Deep Into My Heart – TryHackMe Write-Up

 


Room: Hidden Deep Into My Heart
Platform: TryHackMe
Category: Web
Difficulty: Easy
Flag: THM{l0v3_is_in_th3_r0b0ts_txt}


📝 Challenge Overview

In this room, we were given a web application running at:

http://10.49.167.20:5000

The mission was simple:

Find what's hidden deep inside this website.

The hint strongly suggested that something was hidden, so this was clearly a web enumeration challenge.


🔎 Step 1: Initial Recon

First, I opened the website in the browser.

It looked like a simple webpage — nothing suspicious on the surface.

Whenever I see a basic website in a CTF, my first thought is:

  • Check source code

  • Check robots.txt

  • Enumerate directories


🤖 Step 2: Checking robots.txt

I navigated to:

http://10.49.167.20:5000/robots.txt

And boom! 💥

There was useful information inside robots.txt.

This file contained:

  • A hidden directory path

  • Login credentials (username & password)

This is a very common CTF trick — developers accidentally leave sensitive information inside robots.txt.

👉 Lesson: Always check robots.txt in web challenges.


📂 Step 3: Directory Enumeration with dirsearch

To find hidden directories, I used dirsearch.

dirsearch -u http://10.49.167.20:5000

After scanning, a new directory appeared:

/administore

This looked like an admin login panel.


🔐 Step 4: Accessing the Admin Panel

I visited:

http://10.49.167.20:5000/administore

There was a login page.

From robots.txt, I already had:

  • Username: admin

  • Password: (from robots.txt)

I entered the credentials…

And successfully logged in! 🎉


🚩 Step 5: Finding the Flag

After logging into the admin panel, I searched around the page.

Inside, I found the flag:

THM{l0v3_is_in_th3_r0b0ts_txt}

Mission complete 💕


📚 Key Takeaways

✔ Always check robots.txt
✔ Use directory brute-forcing tools like dirsearch
✔ Never ignore hidden paths
✔ Developers sometimes expose credentials in public files
✔ Enumeration is the key in web CTF challenges


🛠 Tools Used

  • Browser

  • dirsearch

  • Basic web enumeration techniques


💡 Final Thoughts

This was an easy but very educational web challenge.

The main vulnerability was:

Sensitive information exposed in robots.txt.

Even small misconfigurations can lead to full compromise.
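
As an added example (not part of the original write-up or the room), here is a small Python audit a site owner could run over their own robots.txt to catch the exposure described above. The sample file, keyword lists and the function name audit_robots are assumptions constructed for illustration.

```python
import re

# Constructed sample for illustration; not the room's actual robots.txt.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /static/
Disallow: /example-admin-panel/
# staging login: exampleuser / ExamplePassw0rd
password: AnotherExample1
Sitemap: https://example.test/sitemap.xml
"""

KNOWN_FIELDS = {"user-agent", "allow", "disallow", "sitemap", "crawl-delay"}
# Heuristic keyword lists (assumptions; tune them for your own sites).
CRED_RE = re.compile(r"pass(word|wd)?|pwd|login|user(name)?|secret|token|api[_-]?key", re.I)
PATH_RE = re.compile(r"admin|backup|private|secret|internal|config|\.git|\.env", re.I)


def audit_robots(text):
    """Return (line_number, kind, detail) findings for a robots.txt body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        rule, _, comment = raw.partition("#")
        # Comments are served to every visitor, so notes left in them are public.
        if CRED_RE.search(comment):
            findings.append((no, "credential-like comment", comment.strip()))
        if not rule.strip():
            continue
        field, sep, value = rule.partition(":")
        field, value = field.strip().lower(), value.strip()
        if not sep or field not in KNOWN_FIELDS:
            # Free text or unknown "key: value" lines do not belong in this file.
            findings.append((no, "unexpected line", rule.strip()))
        elif field in ("allow", "disallow") and PATH_RE.search(value):
            # Disallow is advisory for crawlers, not access control: it only
            # tells every reader that the path exists.
            findings.append((no, "sensitive path advertised", value))
    return findings


if __name__ == "__main__":
    for no, kind, detail in audit_robots(SAMPLE_ROBOTS):
        print(f"line {no}: {kind}: {detail}")
```

A check like this fits in a pre-deploy step; any finding means the content should move out of robots.txt and the path should be protected by real authentication.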
