TASK 5
What strange text file is in the website root directory?
drpepper.txt
ls ./
How many non-root/non-service/non-daemon users are there?
0
cat /etc/passwd | cut -d: -f1
What user is this app running as?
www-data
whoami
What is the user's shell set as?
/usr/sbin/nologin
cat /etc/passwd
What version of Ubuntu is running?
18.04.4
cat /etc/os-release
Print out the MOTD. What favorite beverage is shown?
Dr Pepper
cat drpepper.txt
TASK 7
What is the flag that you found in darren's account?
fe86079416a21a3c99937fea8874b667
What is the flag that you found in arthur's account?
d9ac0f7db4fda460ac3edeb75d75e16e
TASK 11
Have a look around the webapp. The developer has left themselves a note indicating that there is sensitive data in a specific directory.
What is the name of the mentioned directory?
/assets
Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?
webapp.db
Use the supporting material to access the sensitive data. What is the password hash of the admin user?
6eea9b7ef19179a06954edd0f6c05ceb
Crack the hash.
What is the admin's plaintext password?
qwertyuiop
Login as the admin. What is the flag?
THM{Yzc2YjdkMjE5N2VjMzNhOTE3NjdiMjdl}
TASK 13
Full form of XML
eXtensible Markup Language
Is it compulsory to have an XML prolog in XML documents?
no
Can we validate XML documents against a schema?
yes
How can we specify the XML version and encoding in an XML document?
XML Prolog
TASK 14
How do you define a new ELEMENT?
!ELEMENT
How do you define a ROOT element?
!DOCTYPE
How do you define a new ENTITY?
!ENTITY
TASK 16
What is the name of the user in /etc/passwd?
falcon
Where is falcon's SSH key located?
/home/falcon/.ssh/id_rsa
What are the first 18 characters of falcon's private key?
MIIEogIBAAKCAQEA7bq
TASK 18
Look at other users' notes. What is the flag?
flag{fivefourthree}
TASK 19
Hack into the webapp, and find the flag!
thm{4b9513968fd564a87b28aa1f9d672e17} # Google can find it; Baidu doesn't work so well. This is a foreign CMS.
TASK 20
Navigate to http://10.10.168.163/ in your browser and click on the "Reflected XSS" tab on the navbar; craft a reflected XSS payload that will cause a popup saying "Hello".
ThereIsMoreToXSSThanYouThink
On the same reflective page, craft a reflected XSS payload that will cause a popup with your machine's IP address.
ReflectiveXss4TheWin
Now navigate to http://10.10.168.163/ in your browser and click on the "Stored XSS" tab on the navbar; make an account.
Then add a comment and see if you can insert some of your own HTML.
HTML_T4gs
On the same page, make an alert popup box appear on the page with your document cookies.
W3LL_D0N3_LVL2
Change "XSS Playground" to "I am a hacker" by adding a comment and using JavaScript.
websites_can_be_easily_defaced_with_xss
TASK 21
Who developed the Tomcat application?
The Apache Software Foundation
What type of attack that crashes services can be performed with insecure deserialization?
Denial of Service
TASK 24
If a cookie had the path of webapp.com/login, what would the URL that the user has to visit be?
webapp.com/login
What is the acronym for the web technology that Secure cookies work over?
https
TASK 25
1st flag (cookie value)
THM{good_old_base64_huh}
2nd flag (admin dashboard)
THM{heres_the_admin_flag}
TASK 26
flag.txt
4a69a7ff9fd68
TASK 29
How many characters are in /etc/passwd? (Use wc -c /etc/passwd to get the answer.)
1611
TASK 30
What IP address is the attacker using?
49.99.13.16
What kind of attack is being carried out?
brute force