This is the write up for the room Introduction to Django on Tryhackme and it is part of the Web Fundamentals Path
Make connection with VPN or use the attackbox on Tryhackme site to connect to the Tryhackme lab environment.
Tasks Introduction to Django
Task 1
Read all that is in the task and press complete
Task 2
First create a new directory to hold the project. Type in
mkdir django
django-admin startproject Thebeginning
The navigate into the drectoy by typing
cd Thegebinning
then type
python3 manage.py migrate
To start it al up type in the command
python3 manage.py runserver
Now navigate with firefox to the IP giving the the terminal
Now press control + c in the terminal to backout of the website and type in the follwoing command
python3 manage.py createsuperuser
now startup the server again by typing
python3 manage.py runserver
Navigate to
http://127.0.0.1:8000/admin/
and login
The answer of the questions in this task can be found in the tekst of the task
2.1 How would we create an app called Forms?
Answer: python3 manage.py startapp forms
2.2 How would we run our project to a local network?
python3 manage.py runserver 0.0.0.0:8000
Task 3
Read all that is in this task and follow along then press complete
Task 4
Open this github page that is in the task and look at the bottom to find the flag
Task 5
Startup the machine attached to the task. Then ssh into the machine by typing
When navigating to the site we see we are not allowed
We need to fix this first. Let’s ssh into the machine
ssh django-admin@MACHINE_IP
Use the password giving in the task.
Now add theIP to the allowed host
if we now visit the site we see
When reading the message we see nothing of interest. Let’s see if we can see the admin page.
We do not have those credentials but we can create it
Type in the following in the terminal.
python3 manage.py createsuperuser
Now login in
Click on users and see the first flag
ALs notice the SSH username. It has a hash. When we navigate to the pastebin.com we see the hash/Copy this hash and head over to crtackstation.net and put in the hash. You now have the password
So we have a username StrangeFox and the password we have from the hash. Now login with these creadentials trough ssh
Now we have the second flag
Back to the terminal where we are login in as django-admin. If you are logged out then ssh back in. When looking around I notice one file that was not covered in all the task
cat the home.html and find the last flag
