https://tryhackme.com/room/django it’s a free room
First of all understand the basics how to add ALLOWED_HOSTS in seetings.py and read all the introduction of this room to understand how the app works
After completion of reading the introduction , creating a website and concluding , now deploy the server
Connect to the server using putty or any ssh client using username:django-admin and password:roottoor1212
For the user flag
come out of the current directory which django_admin and there is one more folder called Strangefox browse that directory you can find the flag here
For the admin flag
create a super user by giving the command python3 manage.py createsuperuser
I created django-admin and password : roottoor1212
now go to the portal IP:8000/admin then give the above creds
now browse the users tab http://10.10.249.252:8000/admin/auth/user/ there you can see the admin flag
Hidden flag?
login to the machine using putty using above creds and then you will see the folder messagebox and again do list out of the contents in the directory you will see again one more directory called messagebox .
Go to that directory list out the contents and try to retreive all the files in the folder , you will seee the third flag in html file if you observe the file keenly.
That’s all you have cracked all the flags in this ctf machine.