Complete TryHackMe WebAppSec 101 Walkthrough

TryHackMe WebAppSec 101

https://tryhackme.com/room/webappsec101

Task 1  Basic Description & Objectives


Task 2  Walking through the application


In Task 2 we learn how to fingerprint the web server we are dealing with.

Answer the questions below

What version of Apache is being used?

nmap -sV -sC -A 10.10.118.26

Execute a curl command and save the output into a file:

curl -s -D info_header.txt 10.10.118.26 > /dev/null

Read the file content and extract the values for the answers.

cat info_header.txt

What language was used to create the website?

We can read this from the X-Powered-By header.

PHP

What version of this language is used?

We can read this from the X-Powered-By header.

5.5.9
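The header-reading step above can be automated. This is an added example, not part of the original walkthrough: it parses a header dump in the format `curl -D` writes, pulls every product/version token out of the usual fingerprint headers, and names the configuration knob that would stop the disclosure. The header text is constructed to resemble the room's response; only the PHP version comes from the page.

```python
"""Parse a `curl -s -D info_header.txt <host>` dump and report software
versions disclosed by response headers (added example, not the room's code)."""
import re

# Constructed sample of a header dump. The PHP version is the one the room
# reveals; the Apache version and everything else here are made up.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 12:00:00 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9
Set-Cookie: SESSION=constructed-value; path=/
Content-Type: text/html
"""

# Response headers that routinely leak the server-side stack.
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Real directives that suppress each disclosure (Apache httpd.conf / php.ini).
HARDENING = {
    "Apache": "ServerTokens Prod (and ServerSignature Off)",
    "PHP": "expose_php = Off",
}


def parse_headers(raw: str) -> dict[str, str]:
    """Map lowercase header name -> value, skipping the HTTP status line."""
    headers: dict[str, str] = {}
    for line in raw.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def software_versions(headers: dict[str, str]) -> dict[str, str]:
    """Return {product: version} for each 'Product/1.2.3' token in fingerprint headers."""
    found: dict[str, str] = {}
    for name in FINGERPRINT_HEADERS:
        for product, version in re.findall(r"([A-Za-z][\w.-]*)/(\d[\w.-]*)", headers.get(name, "")):
            found[product] = version
    return found


def hardening_hints(versions: dict[str, str]) -> dict[str, str]:
    """For each disclosed product, the setting that removes the version banner."""
    return {p: HARDENING.get(p, "no built-in knob; strip the header at the proxy") for p in versions}


if __name__ == "__main__":
    disclosed = software_versions(parse_headers(SAMPLE_HEADERS))
    for product, fix in hardening_hints(disclosed).items():
        print(f"{product} {disclosed[product]} disclosed -> {fix}")
```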

Task 3  Establishing a methodology


Task 4  Authentication


Open the target IP in Firefox and start Burp Suite to intercept all requests between the browser and the web server. Let's take a closer look at the communication flow.


Answer the questions below

What is the admin username?

What is the admin password?

What is the name of the cookie that can be manipulated?

SESSION

What is the username of a logged on user?

What is the corresponding password to the username?

Task 5  Cross Site Scripting (XSS)


Answer the questions below

Test for XSS on the search bar

<script>alert("RFS")</script>

Test for XSS on the guestbook page

<script>alert("RFS")</script>

Test for XSS behind the flash form on the home page

<script>alert("RFS")</script>

Task 6  Injection


Task 7  Miscellaneous & Logic Flaws


Answer the questions below

Find a parameter manipulation vulnerability

Find a directory traversal vulnerability

Find a forceful browsing vulnerability

Logic flaw: try to get an item for free