Django room in tryhackme

gayatri r
1 min readMay 30, 2020

-- it’s a free room

First of all understand the basics how to add ALLOWED_HOSTS in and read all the introduction of this room to understand how the app works

After completion of reading the introduction , creating a website and concluding , now deploy the server

Connect to the server using putty or any ssh client using username:django-admin and password:roottoor1212

For the user flag

come out of the current directory which django_admin and there is one more folder called Strangefox browse that directory you can find the flag here

For the admin flag

create a super user by giving the command python3 createsuperuser

I created django-admin and password : roottoor1212

now go to the portal IP:8000/admin then give the above creds

now browse the users tab there you can see the admin flag

Hidden flag?

login to the machine using putty using above creds and then you will see the folder messagebox and again do list out of the contents in the directory you will see again one more directory called messagebox .

Go to that directory list out the contents and try to retreive all the files in the folder , you will seee the third flag in html file if you observe the file keenly.

That’s all you have cracked all the flags in this ctf machine.



gayatri r