├── requirements.txt ├── .github └── workflows │ └── pylint.yml ├── thmq2md.py └── README.md /requirements.txt: -------------------------------------------------------------------------------- 1 | beautifulsoup4==4.11.1 2 | selenium==4.7.2 3 | webdriver_manager 4 | html5lib 5 | -------------------------------------------------------------------------------- /.github/workflows/pylint.yml: -------------------------------------------------------------------------------- 1 | name: Pylint 2 | 3 | on: [push] 4 | 5 | jobs: 6 | build: 7 | 8 | runs-on: ubuntu-latest 9 | 10 | steps: 11 | - uses: actions/checkout@v3 12 | - name: Set up Python 3.10 13 | uses: actions/setup-python@v3 14 | with: 15 | python-version: "3.10" 16 | - name: Install dependencies 17 | run: | 18 | python -m pip install --upgrade pip 19 | pip install flake8 pytest 20 | if [ -f requirements.txt ]; then pip install -r requirements.txt; fi 21 | - name: Lint with flake8 22 | run: | 23 | # stop the build if there are Python syntax errors or undefined names 24 | flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics 25 | # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide 26 | flake8 ./*.py --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics 27 | -------------------------------------------------------------------------------- /thmq2md.py: -------------------------------------------------------------------------------- 1 | #!/bin/python3 2 | from selenium import webdriver 3 | from bs4 import BeautifulSoup 4 | import re, sys 5 | from selenium.webdriver.firefox.service import Service 6 | from webdriver_manager.firefox import GeckoDriverManager 7 | 8 | 9 | 10 | style ="\n" 11 | T=[" "," "] 12 | A=[" "," "] 13 | Q=[" "," "] 14 | H=["
","
"] 15 | N=[" "," "] 16 | 17 | 18 | 19 | 20 | 21 | def getTotalQ(data): 22 | return re.finditer(r"task-\d+", data) 23 | 24 | 25 | def getData(url): 26 | fireFoxOptions = webdriver.FirefoxOptions() 27 | fireFoxOptions.headless = True 28 | brower = webdriver.Firefox(options=fireFoxOptions, service=Service(executable_path=GeckoDriverManager().install())) 29 | brower.get(url) 30 | r = brower.page_source 31 | brower.quit() 32 | return r 33 | 34 | def extractData(tag, data="", clas="", url="", id1=""): 35 | if data == "": 36 | html = getData(url) 37 | contents = BeautifulSoup(html, 'html5lib') 38 | if clas == "" and id1 == "": 39 | return contents.find_all(tag) 40 | elif id1 != "" and clas== "": 41 | return contents.find_all(tag, {"id":id1}) 42 | elif id1 == "" and clas != "": 43 | return contents.find_all(tag, {"class":clas}) 44 | elif id1 != "" and clas != "" : 45 | return contents.find_all(tag, {"id":id1},{"class":clas}) 46 | else : 47 | contents = BeautifulSoup(data, 'html5lib') 48 | if clas == "" and id1 == "": 49 | return contents.find_all(tag) 50 | elif id1 != "" and clas== "": 51 | return contents.find_all(tag, {"id":id1}) 52 | elif id1 == "" and clas != "": 53 | return contents.find_all(tag, {"class":clas}) 54 | elif id1 != "" and clas != "" : 55 | return contents.find_all(tag, {"id":id1},{"class":clas}) 56 | 57 | 58 | def filtering(data, tag): 59 | d = re.finditer(r"

(.*)

", data) 60 | return d 61 | 62 | def cleanH(raw): 63 | cleanr = re.compile('<.*?>') 64 | cleantext = re.sub(cleanr, '', raw) 65 | return cleantext 66 | 67 | def main(): 68 | 69 | url = "" 70 | file = "" 71 | raw = False 72 | if len(sys.argv) == 1: 73 | url = input("enter URL for the room :" ) 74 | file = input("enter output file name with path :") 75 | else : 76 | for arg in sys.argv[1:]: 77 | if arg.find("http") > -1: 78 | url = arg 79 | elif arg.find("-raw") > -1: 80 | raw = True 81 | else : 82 | file = arg 83 | 84 | if raw: 85 | T[:]=[" "," "] 86 | A[:]=[" "," "] 87 | Q[:]=[" "," "] 88 | H[:]=[" "," "] 89 | N[:]=[" "," "] 90 | style="" 91 | source = getData(url) 92 | tasks = getTotalQ(source) 93 | room = extractData(data=source, id1="title", tag='h1') 94 | f = open(file, 'w') 95 | f.write(style) 96 | f.write(f"#{H[0]} {room[0].get_text()}{H[1]}\n\n") 97 | for task in tasks : 98 | questions = str(extractData(data=source, id1=task.group(0), tag='div')) 99 | question = str(extractData(data=questions, tag='div', clas='room-task-question-details')) 100 | title = extractData(data=questions, clas="card-link", tag='a') 101 | num = 1 102 | for ti in title : 103 | f.write(f"##{T[0]}"+str(ti.get_text()).strip()+f"{T[1]}\n") 104 | da = filtering(question, "p") 105 | for i in da : 106 | f.write(f"\t{num}. **"+cleanH(i.group(1).strip())+f'**\n\t\t*{A[0]} answer here {A[1]}\n') 107 | num+=1 108 | f.write("\n
\n") 109 | f.close() 110 | print("done") 111 | 112 | if '__main__' == __name__ : 113 | main() 114 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Pylint](https://github.com/cabbagec2hlbGwK/Try-hack-me-questions-crawler/actions/workflows/pylint.yml/badge.svg?branch=main)](https://github.com/cabbagec2hlbGwK/Try-hack-me-questions-crawler/actions/workflows/pylint.yml) 2 | --- 3 | # Try-hack-me-questions-crawler 4 | this is a small script for extracting data from try hack me room ,and compile a MD file 5 | 6 | ### Requirements 7 | * selenium 8 | * bs4 9 | * Firefox 10 | --- 11 | 12 | ### setup 13 | * change the file permission of "geckodriver" and "thmq2md.py" 14 | ```html 15 | pip install -r requirements.txt 16 | apt install firefox # If you do not have firefox 17 | ``` 18 | 19 | ### Usage 20 | ```bash 21 | thmq2md.py [-raw"No color"] 22 | 23 | Example 24 | thmq2md.py 'https://www.tryhackme.com/room/vulnversity' './README.md' 25 | ``` 26 | --- 27 | 28 | # Sample 29 | ```bash 30 | thmq2md.py "https://www.tryhackme.com/room/linuxprivesc" "./readme.md" -raw 31 | ``` 32 | **output** 33 | ```markdown 34 | # Linux PrivEsc 35 | 36 | ## Task 1 Deploy the Vulnerable Debian VM 37 | 1. **Deploy the machine and login to the "user" account using SSH.** 38 | * answer here 39 | 2. **Run the "id" command. What is the result?** 40 | * answer here 41 | 42 |
43 | ## Task 2 Service Exploits 44 | 1. **Read and follow along with the above.** 45 | * answer here 46 | 47 |
48 | ## Task 3 Weak File Permissions - Readable /etc/shadow 49 | 1. **What is the root user's password hash?** 50 | * answer here 51 | 2. **What hashing algorithm was used to produce the root user's password hash?** 52 | * answer here 53 | 3. **What is the root user's password?** 54 | * answer here 55 | 56 |
57 | ## Task 4 Weak File Permissions - Writable /etc/shadow 58 | 1. **Read and follow along with the above.** 59 | * answer here 60 | 61 |
62 | ## Task 5 Weak File Permissions - Writable /etc/passwd 63 | 1. **Run the "id" command as the newroot user. What is the result?** 64 | * answer here 65 | 66 |
67 | ## Task 6 Sudo - Shell Escape Sequences 68 | 1. **How many programs is "user" allowed to run via sudo?** 69 | * answer here 70 | 2. **One program on the list doesn't have a shell escape sequence on GTFOBins. Which is it?** 71 | * answer here 72 | 3. **Consider how you might use this program with sudo to gain root privileges without a shell escape sequence.** 73 | * answer here 74 | 75 |
76 | ## Task 7 Sudo - Environment Variables 77 | 1. **Read and follow along with the above.** 78 | * answer here 79 | 80 |
81 | ## Task 8 Cron Jobs - File Permissions 82 | 1. **Read and follow along with the above.** 83 | * answer here 84 | 85 |
86 | ## Task 9 Cron Jobs - PATH Environment Variable 87 | 1. **What is the value of the PATH variable in /etc/crontab?** 88 | * answer here 89 | 90 |
91 | ## Task 10 Cron Jobs - Wildcards 92 | 1. **Read and follow along with the above.** 93 | * answer here 94 | 95 |
96 | ## Task 11 SUID / SGID Executables - Known Exploits 97 | 1. **Read and follow along with the above.** 98 | * answer here 99 | 100 |
101 | ## Task 12 SUID / SGID Executables - Shared Object Injection 102 | 1. **Read and follow along with the above.** 103 | * answer here 104 | 105 |
106 | ## Task 13 SUID / SGID Executables - Environment Variables 107 | 1. **Read and follow along with the above.** 108 | * answer here 109 | 110 |
111 | ## Task 14 SUID / SGID Executables - Abusing Shell Features (#1) 112 | 1. **Read and follow along with the above.** 113 | * answer here 114 | 115 |
116 | ## Task 15 SUID / SGID Executables - Abusing Shell Features (#2) 117 | 1. **Read and follow along with the above.** 118 | * answer here 119 | 120 |
121 | ## Task 16 Passwords & Keys - History Files 122 | 1. **What is the full mysql command the user executed?** 123 | * answer here 124 | 125 |
126 | ## Task 17 Passwords & Keys - Config Files 127 | 1. **What file did you find the root user's credentials in?** 128 | * answer here 129 | 130 |
131 | ## Task 18 Passwords & Keys - SSH Keys 132 | 1. **Read and follow along with the above.** 133 | * answer here 134 | 135 |
136 | ## Task 19 NFS 137 | 1. **What is the name of the option that disables root squashing?** 138 | * answer here 139 | 140 |
141 | ## Task 20 Kernel Exploits 142 | 1. **Read and follow along with the above.** 143 | * answer here 144 | 145 |
146 | ## Task 21 Privilege Escalation Scripts 147 | 1. **Experiment with all three tools, running them with different options. Do all of them identify the techniques used in this room?** 148 | * answer here 149 | 150 |
151 | 152 | ``` 153 | --------------------------------------------------------------------------------