OWASP Top 10 Writeup
- Name: OWASP Top 10
- Description: Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.
- Room: tryhackme.com
Task 5-[Severity 1] Command Injection Practical
What strange text file is in the website root directory?
How many non-root/non-service/non-daemon users are there?
0 (from “cat /etc/passwd”: there are no non-root/non-service/non-daemon users.)
What user is this app running as?
What is the user’s shell set as?
What version of Ubuntu is running?
Print out the MOTD. What favorite beverage is shown?
Dr Pepper (“ls -1 /etc/update-motd.d/”)
Task 7-[Severity 2] Broken Authentication Practical
What is the flag that you found in darren’s account?
What is the flag that you found in arthur’s account?
Task 11-[Severity 3] Sensitive Data Exposure (Challenge)
What is the name of the mentioned directory?
Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?
Use the supporting material to access the sensitive data. What is the password hash of the admin user?
Crack the hash.
What is the admin’s plaintext password?
Crack the password with crackstation.
Login as the admin. What is the flag?
Task 13-[Severity 4] XML External Entity — eXtensible Markup Language
Full form of XML
Extensible Markup Language
Is it compulsory to have XML prolog in XML documents?
Can we validate XML documents against a schema?
How can we specify XML version and encoding in XML document?
XML prolog (“The line above is called the XML prolog and it specifies the XML version and the encoding used in the XML document”)
Task 14-[Severity 4] XML External Entity — DTD
How do you define a new ELEMENT?
How do you define a ROOT element?
How do you define a new ENTITY?
Task 16-[Severity 4] XML External Entity — Exploiting
What is the name of the user in /etc/passwd?
Where is falcon’s SSH key located?
What are the first 18 characters of falcon’s private key?
Task 19-[Severity 6] Security Misconfiguration
Hack into the webapp, and find the flag!
default account => pensive : PensiveNotes
Task 20-[Severity 7] Cross-site Scripting
Navigate to http://MACHINE_IP/ in your browser and click on the “Reflected XSS” tab on the navbar; craft a reflected XSS payload that will cause a popup saying “Hello”.
On the same reflective page, craft a reflected XSS payload that will cause a popup with your machine’s IP address.
Now navigate to http://MACHINE_IP/ in your browser and click on the “Stored XSS” tab on the navbar; make an account.
Then add a comment and see if you can insert some of your own HTML.
<b>noraj is bold</b>
On the same page, make an alert popup box appear on the page with your document cookies.
<script>document.querySelector("#thm-title").textContent = "I am a hacker"</script>
Task 22-[Severity 8] Insecure Deserialization — Objects
Select the correct term of the following statement:
if a dog was sleeping, would this be:
A) A State
B) A Behaviour
Task 23-[Severity 8] Insecure Deserialization — Deserialization
What is the name of the base-2 formatting that data is sent across a network as?
Task 24-[Severity 8] Insecure Deserialization — Cookies
If a cookie had the path of webapp.com/login, what would the URL that the user has to visit be?
What is the acronym for the web technology that Secure cookies work over?
Task 25-[Severity 8] Insecure Deserialization — Cookies Practical
1st flag (cookie value)
echo 'gAN9cQAoWAkAAABzZXNzaW9uSWRxAVggAAAAYzdkYzQ0ODM4ZTA4NDdiMWI0NTU0NDk0OGE5MmQxOTRxAlgLAAAAZW5jb2RlZGZsYWdxA1gYAAAAVEhNe2dvb2Rfb2xkX2Jhc2U2NF9odWh9cQR1Lg==' | base64 -d
2nd flag (admin dashboard)
Task 26-[Severity 8] Insecure Deserialization — Code Execution
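Added example (my own code, not part of the TryHackMe room): the Task 25 cookie above is a base64-encoded Python pickle, and Task 26 is about what happens when a server unpickles such a cookie blindly. The script below disassembles the cookie with pickletools (which never executes anything), refuses any stream that contains opcodes able to import modules or call functions, and only then loads it through an Unpickler with find_class disabled. UNSAFE_SAMPLE (a pickled set) is constructed here purely to show a GLOBAL/REDUCE stream being rejected.

```python
import base64
import io
import pickle
import pickletools

# Opcodes that let a pickle stream import a module or call a callable while it
# is being loaded; any of them in an untrusted cookie means code execution.
DANGEROUS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                     "NEWOBJ", "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4"}

# The session cookie from Task 25, copied from the writeup above.
COOKIE = (
    "gAN9cQAoWAkAAABzZXNzaW9uSWRxAVggAAAAYzdkYzQ0ODM4ZTA4NDdiMWI0NTU0NDk0"
    "OGE5MmQxOTRxAlgLAAAAZW5jb2RlZGZsYWdxA1gYAAAAVEhNe2dvb2Rfb2xkX2Jhc2U2"
    "NF9odWh9cQR1Lg=="
)

# Constructed sample, not from the room: a pickled set is harmless, but at
# protocol 3 it is encoded with GLOBAL + REDUCE, the same opcodes a malicious
# cookie relies on, so the scanner must reject it.
UNSAFE_SAMPLE = base64.b64encode(pickle.dumps({1, 2}, protocol=3)).decode()

class _NoImportsUnpickler(pickle.Unpickler):
    # Refuse to resolve any module/class reference, whatever the stream asks for.
    def find_class(self, module, name):
        raise pickle.UnpicklingError("refusing to import %s.%s" % (module, name))

def dangerous_opcodes(data):
    """Disassemble a pickle stream with pickletools (nothing is executed) and
    return the names of every opcode that could trigger code on load."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in DANGEROUS_OPCODES]

def is_safe_cookie(cookie_b64):
    """True only if the decoded cookie contains no code-executing opcodes."""
    return not dangerous_opcodes(base64.b64decode(cookie_b64))

def load_cookie(cookie_b64):
    """Unpickle a cookie only after the opcode scan passes; the restricted
    Unpickler is a second line of defence if the scan is ever bypassed."""
    raw = base64.b64decode(cookie_b64)
    found = dangerous_opcodes(raw)
    if found:
        raise pickle.UnpicklingError("unsafe opcodes: %s" % sorted(set(found)))
    return _NoImportsUnpickler(io.BytesIO(raw)).load()

if __name__ == "__main__":
    print(load_cookie(COOKIE))            # the Task 25 session dict
    print(is_safe_cookie(UNSAFE_SAMPLE))  # False: GLOBAL/REDUCE present
```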
Task 29-[Severity 9] Components With Known Vulnerabilities — Lab
How many characters are in /etc/passwd? (use wc -c /etc/passwd to get the answer)
Task 30-[Severity 10] Insufficient Logging and Monitoring
What IP address is the attacker using?
What kind of attack is being carried out?
thank you 🌏🔥