Tryhackme-Web Hacking Fundamentals

Web Hacking Fundamentals


Web Fundamentals

task1 Introduction and objectives

1.Read and understand the information

task2 How do we load websites?

1.What request verb is used to retrieve page content?

get

2.What port do web servers normally listen on?

80

3.What’s responsible for making websites look fancy?

CSS

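The actual content of a web page is usually a combination of HTML, CSS, and JavaScript. HTML defines the page's structure and content. CSS lets you change how the page looks and make it look fancy. JavaScript is a programming language that runs in the browser and lets you make the page interactive or load extra content.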

task3 More HTTP - Verbs and request formats

1.What verb would be used for a login?

post

2.What verb would be used to see your bank balance once you’re logged in?

get

3.Does the body of a GET request matter? Yea/Nay

Nay

4.What’s the status code for “I’m a teapot”?

418

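This comes from a joke RFC published by the IETF on April Fools' Day 1998; see RFC 2324 - Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0).
In HTCPCP/1.0, status 418 means that when a client sends a request to brew coffee to a teapot, the teapot returns the 418 error status code, meaning "I'm a teapot".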

5.What status code will you get if you need to authenticate to access some content, and you’re unauthenticated?

401

task4 Cookies, tasty!

1.Read and try and understand this information. Check out the link for extra information

task5 Mini CTF

1.What’s the GET flag?

thm{162520bec925bd7979e9ae65a725f99f}

curl http://10.10.103.59:8081/ctf/get

2.What’s the POST flag?

thm{3517c902e22def9c6e09b99a9040ba09}

curl -d flag_please http://10.10.103.59:8081/ctf/post

3.What’s the “Get a cookie” flag?

thm{91b1ac2606f36b935f465558213d7ebd}

Visit http://10.10.103.59:8081/ctf/getcookie in Firefox and inspect the browser's cookies.

4.What’s the “Set a cookie” flag?

thm{c10b5cb7546f359d19c747db2d0f47b3}

Edit the cookie for the domain 10.10.103.59 so that both its name and its value are flagpls, then visit http://10.10.103.59:8081/ctf/sendcookie;

Alternatively, in the previous question use curl -c cookie.txt http://10.10.103.59:8081/ctf/getcookie to save the cookie, change the cookie name/value to flagpls, then use curl -b cookie.txt http://10.10.103.59:8081/ctf/sendcookie to get the flag.

OWASP Top 10

task1 Introduction

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entity
  • Broken Access Control
  • Security Misconfiguration
  • Cross-site Scripting
  • Insecure Deserialization
  • Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring

task2 Accessing machines

Connect to our network or deploy the AttackBox.

task3 [Severity 1] Injection

I’ve understood Injection attacks.

task4 [Severity 1] OS Command Injection

I’ve understood command injection.

task5 [Severity 1] Command Injection Practical

1.What strange text file is in the website root directory?

drpepper.txt


2.How many non-root/non-service/non-daemon users are there?

0

3.What user is this app running as?

www-data

4.What is the user’s shell set as?

usr/sbin/nologin


5.What version of Ubuntu is running?

18.04.4


6.Print out the MOTD. What favorite beverage is shown?

DR PEPPER

00-header – /etc/update-motd.d/00-header, the file to edit to change the SSH login welcome message on Ubuntu.


task6 [Severity 2] Broken Authentication

1.I’ve understood broken authentication mechanisms.

task7 [Severity 2] Broken Authentication Practical

1.What is the flag that you found in darren’s account?

fe86079416a21a3c99937fea8874b667

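At registration, "darren" and " darren" (with a leading space) are treated as different accounts, but at login they are treated as the same account, which creates a logic flaw.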
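
The mismatch described above, as an added example that is not part of the original write-up or the room's code: a registration path that compares raw usernames beside a login path that trims them, followed by a version that canonicalizes in both places. The class names, passwords and the way the session identity is derived are assumptions; the NFKC normalization goes beyond the single leading-space case on the page.

```python
import hmac
import unicodedata

def canonical(username: str) -> str:
    """One canonical form, used for both the uniqueness check and the lookup."""
    return unicodedata.normalize("NFKC", username).strip()

class VulnerableStore:
    """Registration compares raw strings; login binds the session to the trimmed name."""
    def __init__(self):
        self.users = {}  # raw username -> password (hashing omitted: demo only)

    def register(self, username, password):
        if username in self.users:      # " darren" != "darren", so both are accepted
            return False
        self.users[username] = password
        return True

    def login(self, username, password):
        if self.users.get(username) != password:
            return None
        return username.strip()         # session identity collapses onto "darren"

class HardenedStore:
    """Canonicalizes once, at the boundary, in both code paths."""
    def __init__(self):
        self.users = {}  # canonical username -> password (hashing omitted: demo only)

    def register(self, username, password):
        key = canonical(username)
        if not key or key in self.users:  # empty or already taken after canonicalization
            return False
        self.users[key] = password
        return True

    def login(self, username, password):
        stored = self.users.get(canonical(username))
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        return canonical(username)

def demo(store):
    """Constructed scenario: 'darren' exists, then ' darren' is registered and logs in."""
    store.register("darren", "victim-pw")
    accepted = store.register(" darren", "other-pw")
    return accepted, store.login(" darren", "other-pw")

if __name__ == "__main__":
    print("vulnerable:", demo(VulnerableStore()))
    print("hardened:  ", demo(HardenedStore()))
```

A unique constraint on the canonical column in the database enforces the same rule even if an application code path forgets to call the helper.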


2.Now try to do the same trick and see if you can login as arthur.

3.What is the flag that you found in arthur’s account?

d9acof7db4fda460ac3edeb75d75e16e


task8 [Severity 3] Sensitive Data Exposure (Introduction)

Read the introduction to Sensitive Data Exposure and deploy the machine.

task9 [Severity 3] Sensitive Data Exposure (Supporting Material 1)

Read and understand the supporting material on SQLite Databases.

task10 [Sev
