Wonderland — TryHackMe

Exploiting Search Order Hijacking and Hijacking Imported Python Modules

NOTE: IF YOU HAVE NOT TRIED THE WONDERLAND CHALLENGE FROM TRYHACKME, I RECOMMEND YOU TRY IT OUT ON YOUR OWN BEFORE READING THIS WALKTHROUGH AS IT IS A VERY FUN CTF BOX!

Initial Reconnaissance

Nmap

Running Nmap shows us that the box has two open ports: 22 and 80. I like to run an all ports scan before running a scan for version enumeration to make the scanning process more efficient.

HTTP Server Enumeration

Knowing that SSH is notoriously known for being secure and also confirming that there are no known exploits for version 7.6p1 of SSH, directed my attention to the only other port open, port 80, the Golang HTTP server running on the box. Visiting the main page, which had a quote and an image of a rabbit from Alice in Wonderland, was not very useful so I went on to perform subdirectory brute-forcing.