TryHackMe – Çerez Official WriteUp


In this post we share the questions and answers for the ‘Çerez’ room on TryHackMe.

Question: Arif sent you a message, find the message.

Arif has left us a message, mentioning that there is only one image. This implies that there might be hidden text within the image, which is known as steganography. We cannot attempt to decode it using steganography decoder websites because there is a password that needs to be cracked. For this purpose, we will use a tool called StegCracker.

StegCracker utilizes the rockyou wordlist, which is included in Kali Linux. Now, let’s find the password:

Navigate to the directory where you downloaded StegCracker and enter the following command, then wait for the result:

stegcracker /imagepath/arif.jpg

Once we find the password, it will reveal the hidden message within the image.

“Arif has started learning Python and is signing up somewhere with the username ‘arifisik’ and attaching code snippets. Can you take a look and see what’s there?”

This is the text we find. Typically, we add our code snippets to our GitHub or GitLab accounts. Upon inspection, we find that there is a user named ‘arifisik’ on GitLab who has created a repository. Inside this repository, there is a file named ‘’. Upon closer examination, we understand that it is the solution code for a simple encryption. When we run the code directly, it gives us the output ‘kernelblog’, but since this option is not among the choices, it is not the correct answer. In the first line of the code, there is a password added as a comment. We take this password and place it in the ‘sifrelenmiş[]’ part of the code, then when we run it, we find our answer.

Answer: 107 101 114 110 101 108 98 108 111 103 113

Question: The Gh0stNight user has placed a hash in the program he wrote; it may be useful

Here, our user Gh0stNight has written a program and embedded a hash within it. We usually upload our code to GitHub. Let’s see if there is such a user on GitHub. We found our user. Now let’s find the hash within the code.

The hash is clearly visible (QmFiYSBha8O8IHlvaw==). The character set and the trailing ‘==’ padding show that it is not a true hash but Base64-encoded text, which can be reversed without any key. We go to a decoder website and decode it.

Answer: Baba akü yok

Question: 0x53 0x6f 0x72 0x75 0x6e 0x75 0x6e 0x20 0x63 0x65 0x76 0x61 0x62 0xc4 0xb1 0x20 0x42 0x65 0x6e 0x64 0x65 0x20 0xc3 0xb6 0x7a 0x6c 0x65 0x64 0x69 0x6d 0x20 0x62 0x65 0x6e 0x64 0x65

This question is quite simple! We just need to realize that the question is written as hexadecimal byte values. Once we understand this, the rest is straightforward.

Let’s quickly copy the question and convert it from hexadecimal to UTF-8 using any online tool. Let’s do it and find the answer.

Answer: Bende özledim bende


+++++ ++++[ ->+++ +++++ +<]>+ ++.<+ +++[- >++++ <]>++ +++.- .<+++ [->++
+<]>+ +++.- ----- ---.+ +++++ +++.<

When we look at the programming language, we see a code snippet consisting of specific characters. After doing some research, we understand that it is a language called Brainfuck. By entering a decoder website and decoding the code, we can find the answer.

Answer: Tihulu
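
The Base64, hexadecimal and Brainfuck questions above can all be decoded locally instead of on a decoder website. The following is an added example, not part of the original write-up; the function and constant names are illustrative, and the Brainfuck program is typed with plain ASCII minus signs.

```python
import base64

# Inputs copied from the questions above (Brainfuck typed with ASCII '-').
HEX_Q = ("0x53 0x6f 0x72 0x75 0x6e 0x75 0x6e 0x20 0x63 0x65 0x76 0x61 0x62 0xc4 "
         "0xb1 0x20 0x42 0x65 0x6e 0x64 0x65 0x20 0xc3 0xb6 0x7a 0x6c 0x65 0x64 "
         "0x69 0x6d 0x20 0x62 0x65 0x6e 0x64 0x65")
B64_Q = "QmFiYSBha8O8IHlvaw=="
BF_Q = ("+++++ ++++[ ->+++ +++++ +<]>+ ++.<+ +++[- >++++ <]>++ +++.- .<+++ [->++ "
        "+<]>+ +++.- ----- ---.+ +++++ +++.<")

def decode_hex_tokens(text):
    """Space-separated 0xNN byte tokens -> UTF-8 text."""
    return bytes(int(tok, 16) for tok in text.split()).decode("utf-8")

def decode_base64(text):
    """Strict Base64 (rejects stray characters) -> UTF-8 text."""
    return base64.b64decode(text, validate=True).decode("utf-8")

def run_brainfuck(src, max_steps=1_000_000):
    """Interpret Brainfuck (no ',' input); return what the program prints."""
    code = [c for c in src if c in "+-<>[]."]
    jump, stack = {}, []            # matching-bracket table
    for i, c in enumerate(code):
        if c == "[":
            stack.append(i)
        elif c == "]":
            if not stack:
                raise ValueError("unmatched ']'")
            j = stack.pop()
            jump[i], jump[j] = j, i
    if stack:
        raise ValueError("unmatched '['")
    tape, ptr, pc, out = [0] * 30000, 0, 0, bytearray()
    for _ in range(max_steps):      # step cap guards against endless loops
        if pc >= len(code):
            return out.decode("utf-8", errors="replace")
        c = code[pc]
        if c in "+-":
            tape[ptr] = (tape[ptr] + (1 if c == "+" else -1)) % 256
        elif c in "<>":
            ptr = (ptr + (1 if c == ">" else -1)) % len(tape)
        elif c == ".":
            out.append(tape[ptr])
        elif (c == "[" and tape[ptr] == 0) or (c == "]" and tape[ptr] != 0):
            pc = jump[pc]
        pc += 1
    raise RuntimeError("step limit exceeded")

if __name__ == "__main__":
    print(decode_hex_tokens(HEX_Q), decode_base64(B64_Q), run_brainfuck(BF_Q), sep="\n")
```

The hexadecimal question decodes to a sentence whose last three words are the expected answer.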

Question: $>*{?><>0{/=_3=]X/+{&-&P#>0

We need to make the necessary corrections to the faulty parts in the code. Finally, we need to call the function. Although the function is defined earlier, it is not being called. Let’s fix that as well. We pass the given hash as an argument when calling the function. When we run the program.

Answer: Bir cisim yaklaşıyo efendim

Question: Reverse I’m trying to open the program, but I forgot my password. Can you find the password and give me the output result?

This question is a reverse engineering question, as you can understand from the downloaded file’s name. The only thing we need to do is to open it with a decompiler. I will use Snowman decompiler for this purpose. After opening the executable file with Snowman, everything looks familiar. However, as you can see in the decompiler, there is an expression “v216” and it is located just below the password entry. I will try using this as the password, and the answer appears before me.

Answer: qrbsz

Question: In which directory are the wordlists that come with Kali Linux stored?

Answer: /usr/share/wordlists

Question: Where is the directory that contains the names and numbers of users on a Linux system?

Answer: /etc/passwd

