CyberCrafted is a great box because it steps out of the ordinary, given the fact that it is actually a Minecraft game server.
It includes vhost fuzzing, in depth enumeration, SQL injection and advanced Linux investigation. Here is how you can find your way to root through this medium-level box.
First of all, if you want to try the room on your own, here is the link where you can find it :
https://tryhackme.com/room/cybercrafted
Or if you would like to simply explore TryHackMe : https://tryhackme.com
As always, here is our initial and exhaustive nmap scan :
nmap -p- -vv -sC -A -oN full.nmap <IP>
We can see that there are three ports open : 22 for SSH, 80 for HTTP, and 25565 which seems to be running the minecraft service.
We can see that the HTTP server on port 80 tried redirecting us to http://cybercrafted.thm. Let's try the following curl request :
curl http://10.10.28.175 -H 'Host: cybercrafted.thm'
We get the following response :
Ok that means that the website behaves differently according to which domain we give him. That would be a potential indicator that we have to look for subdomains.
The comment at the bottom of the page confirms us that we're expected to perform vhost enumeration.
But first, let's add an entry to /etc/hosts :
That will allow us to go faster by using the browser.