# TryHackMe Advent of Cyber 2020: Day 24 - Light Cycle Easter Egg Official Walkthrough

## Метаданные

- **Канал:** DarkSec
- **YouTube:** https://www.youtube.com/watch?v=zFsWBlwqANs
- **Источник:** https://ekstraktznaniy.ru/video/38716

## Транскрипт

### Segment 1 (00:00 - 05:00) []

hey everyone welcome back to another video here on darksec today i have a little bit of a different video this is a very special video uh is it something that i've wanted to cover for quite some time on the channel however i wanted to wait for a little while until after the event ended so today we're going to be taking a look at day 24 the trial before christmas from this year's avid of cyber and we're going to take a look at the easter egg walking through it and breaking down the different steps in it and the easter egg in this uh there are little bits that i'm probably gonna miss just small details but we'll walk through the big section of it that being said let's go ahead and dive right in uh first things first we're gonna go ahead and start the machine now one thing to note i believe it's on the thumbnail version of this on the uh actual background here there is a tron logo hidden up here in the moon now if that doesn't give you an idea what the easter egg is themed after uh while you'll see it soon so that being said i'm going to go ahead and deploy the actual box attached to this room and then i'm going to shut the attack box yeah you can see it right up here a little bit more clearly and then we can go ahead and start taking a look into the easter egg now i'm gonna go ahead and pause and when we are back we can start digging into this uh with it being loaded all right and we're back so now we're going to go ahead and actually dive into the easter egg itself first things first you will want to perform an nmap scan and if you've done this event and done this room as part of the event you probably scanned this and found or saw that there were two distinct web servers on this there is a web server on port 80 and then there's one on a high report that i forget the number of at this time that being said uh if you watched the video that i did over this day originally for the event i put a quick note in the comments that if you want to find the easter egg don't follow my instructions and in my instructions i explicitly say that we're going to go and we want to investigate that higher port which is pretty common for a ctf box like this that being said we're not going to follow my instructions and well rather we want to take a look at what's on port 80 and we're going to go ahead and do exactly that right now and that's interesting that is the try heckmay website uh this is actually an offline clone of the trihekmy website that we've kind of frozen in time so you can go through and see yeah this was a while ago we're at almost half a million users right now so you can go through and play around with that however there's a lot more what would an easter bag be if we didn't have multiple layers to it so the next logical step here we found a website we want to go ahead and do go busting or dirt busting on this recursively and you can go ahead and do that and you will eventually end up finding a directory that is the number three and that's interesting uh that's retro that is from the first avenue of cyber uh this is a box that i made for the first advent of cyber this is the website that was on it the website retro fanatics and you can see right at the top there is a tron arcade cabinet so okay we found that uh if you click any of these links i believe it sends you to rickroll however a couple of these are also uh try hack me codes which you can see down there so subscriber codes so you could get if you were fast enough you could find vouchers on this pretty cool that being said we want to go deeper and if you continue dirtbusting you will find this next website which is in the three directory now this one if you look at the title we'll say refresh me and it will change between a bunch of different sites so you have vargs twitter mirrors blog spooky's blog and then eventually they should get to my website the darksec homepage and we'll give it just a couple more tries there we go so this cycles through everyone that worked on the box all of their websites very cool uh that being said let's go another way layer deeper and those of you familiar with classic nerd movies will start seeing where we're going and we get our first rick whirl um this was uh a lot of fun uh we put multiple layers of this in if you continue dirt bussing you will get a two and you'll find this uh shout outs this is everyone that tested the box along with uh some community shout outs for uh some younger members of the community that we wanted to give shout outs to that they were doing a lot of really cool uh hacking with this event um and here you can see the credits of who made the box so very cool i believe there's also a sub voucher in the source code at this page in the comments continuing on

### Segment 2 (05:00 - 07:00) [5:00]

i think we had a couple layers of this so you yeah so you couldn't miss it and you're gonna start seeing kind of a weird pattern of merge and another rick roll because you know we got to make sure that you had at least one of those and then the last layer was four interesting okay so that's let's go ahead and put this in full screen and take a look this is something uh let's go ahead and name ourself dark and i don't know if it's gonna let me go into this uh however first off uh this pattern up here if you google this is the phone number for the whopper computer the norad whopper computer from wargames uh so that's the actual pattern up here however uh this uh and it might not work in the attack box uh this is uh tron this is actually the video game tron in the web browser and uh if you actually are able to get it working and it looks like it might not want to work for me in this case the you can change the name of the opponents in this and we've gone ahead and hard coded in myself and the other box creators as your opponents that you can play against so definitely recommend going and checking that out that being said if you find the higher level port and are poking around there and get root access to this box you can also see a bunch of this hidden on the box too because you can view the web directory structure additionally if you poke around on the box and look at the users along with the organization and like the details for those users they all work for uh flynn uh or flynn's arcade uh and there's or ncom there's a whole bunch of easter eggs hidden in there uh if you haven't seen tron i highly recommend watching it is one of my favorite movies and it's the entire theme for this box that being said that's the easter egg again i recommend going and trying this out for yourself it is very fun this is one of those things that uh if you can grab chrome and put it on the attack box it'll definitely be worth it or performing it from your own cali box or just spinning this up and connecting your host machine like a windows machine to this would also be pretty fun to go through and play around on it that being said that's going to do it for this video kind of a quick one but also a very fun video if you like this easter egg feel free to comment about it in the comments down below if there are other themed boxes that you'd like to see i have a couple that i've been working on and i'm very excited to see when they ultimately come out uh however if there's themes you want to see or if you were frustrated with this box please comment down below but until next time uh happy hacking