https://tryhackme.com/room/webappsec101
Task 1 Basic Description & Objectives
Task 2 Walking through the application
In Task 2 we look at how to identify what we are dealing with when facing a web server.
Answer the questions below
What version of Apache is being used?
nmap -sV -sC -A 10.10.118.26
Run a curl command and save the response headers into a file:
curl -s -D info_header.txt 10.10.118.26 > /dev/null
Read the file content and extract the values for the answers.
cat info_header.txt
What language was used to create the website?
We can check this in the X-Powered-By header.
PHP
What version of this language is used?
We can check this in the X-Powered-By header.
5.5.9
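As an added example (not part of the original walkthrough), a small Python parser for the header dump that the curl -D command above writes: it pulls the product and version out of the Server and X-Powered-By headers and names the Apache/PHP setting that stops each disclosure. The sample dump is constructed; its Server value is a placeholder, not the room's answer.

```python
import re

# Constructed sample of a `curl -s -D info_header.txt <host>` header dump.
# X-Powered-By matches the answer on this page; the Server value is a made-up
# placeholder, not the room's answer. Parse your own capture instead.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Server: Apache/2.4.0 (constructed-sample)
X-Powered-By: PHP/5.5.9
Set-Cookie: SESSION=abc123; path=/
Content-Type: text/html
"""

# Headers that commonly leak software names and versions to any client.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

def parse_header_dump(text):
    """Parse a curl -D style dump into {lowercase header name: value}."""
    headers = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue  # skip blank lines and the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def split_product_version(value):
    """Split 'Apache/2.4.0 (Ubuntu)' or 'PHP/5.5.9' into (product, version)."""
    m = re.match(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)", value)
    return (m.group(1), m.group(2)) if m else (value, None)

def fingerprint(text):
    """Return {header: (product, version)} for each disclosure header present."""
    headers = parse_header_dump(text)
    return {h: split_product_version(headers[h])
            for h in DISCLOSURE_HEADERS if h in headers}

def hardening_hints(findings):
    """Name the Apache/PHP setting that removes each version disclosure found."""
    hints = {"server": "Apache: ServerTokens Prod (plus ServerSignature Off)",
             "x-powered-by": "PHP: expose_php = Off in php.ini"}
    return [hints[h] for h in findings if h in hints]

if __name__ == "__main__":
    found = fingerprint(SAMPLE_HEADERS)
    for header, (product, version) in found.items():
        print(f"{header}: {product} {version}")
    for hint in hardening_hints(found):
        print("fix:", hint)
```

Point it at your own info_header.txt with `fingerprint(open("info_header.txt").read())`; a header with no "name/version" shape comes back with version None rather than raising.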
Task 3 Establishing a methodology
Task 4 Authentication
Open the target IP in Firefox and start Burp Suite to intercept all requests between the browser and the web server. Let's take a closer look at the communication flow.
Answer the questions below
What is the admin username?
What is the admin password?
What is the name of the cookie that can be manipulated?
SESSION
What is the username of a logged on user?
What is the corresponding password to the username?
Task 5 Cross Site Scripting (XSS)
Answer the questions below
Test for XSS on the search bar
<script>alert("RFS")</script>
Test for XSS on the guestbook page
<script>alert("RFS")</script>
Test for XSS behind the flash form on the home page
<script>alert("RFS")</script>
Task 6 Injection
Task 7 Miscellaneous & Logic Flaws
Answer the questions below
Find a parameter manipulation vulnerability
Find a directory traversal vulnerability
Find a forceful browsing vulnerability
Logic flaw: try to get an item for free