
Sws101_tryhack3m: bricks heist

Topic: TryHack3M Bricks Heist


Target IP Address

10.10.129.73

Once the machine has started, we need to add its IP address to the /etc/hosts file on our attacker machine.

The site shows wp-content, which indicates the presence of WordPress. The first thing we should do now is scan this website using wpscan.


Using ffuf, we found the hidden directories of the machine and found admin.


We can see the transaction history of that wallet. Opening each transaction shows further details, such as privacy checks.

When I went down to the last transaction received:


We can see the details of the transaction, such as the sender and receiver.


Just copy the sender’s address and search for it on Google.


The results show a link between this wallet and the LockBit ransomware group.


This post is licensed under CC BY 4.0 by the author.