User Flag Ater adding the target machine in /etc/hosts we conducted a NMAP scan. While accessing the IP over browser we got the following URL. After adding this URL in the /etc/hosts file we tried to access the URL. We tried to brute force the credentials manually and the following credential set worked. root:password UponContinue reading “HackTheBox – Keeper”
Category Archives: Web Application Security
Cross-site Scripting
It is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users. Types of XSS Reflected XSS Stored XSS DOM based XSS Blind XSS Reflected XSS Reflected XSS happens when user-supplied data in an HTTP request is included in the webpage source without anyContinue reading “Cross-site Scripting”
Understanding Log4j
What is Log4j? Log4j is a java package mostly a part of the Apache Logging utility used to capture logs. Everything you do on the internet becomes an event that gets captured in a form of a log. Even your inputs also get captured in logs. Your application is vulnerable if it logs a user’sContinue reading “Understanding Log4j”
John The Ripper
John the Ripper is one of the most well known and efficient hash cracking tool. It is a fast in cracking, with an extraordinary range of compatible hash types. What is Hash? A hash is basically a fingerprint of any piece of data. The process of hashing is irreversible i.e. information once converted into aContinue reading “John The Ripper”
UNION based SQL Injection
Requirements for UNION based injection Rule: The number and the order of the columns must be the same in all queries The data types must be compatible For practice, we are going to use PortSwigger Labs, Lab: SQL injection UNION attack, determining the number of columns returned by the query Description: This lab contains anContinue reading “UNION based SQL Injection”
OWASP Juice Shop
Day 1 Task – Injection Question #1: Log into the administrator account! Capture the request and change the parameters Click on send button See response in browser The token used is a jwt token which can be easily decoded from jwt.io After decoding you get the password Login with the credentials Here is your flag.Continue reading “OWASP Juice Shop”
Hydra
What is Hydra? Hydra is a brute force online password cracking program; a quick system login password ‘hacking’ tool. We can use Hydra to run through a list and ‘bruteforce’ some authentication service. Imagine trying to manually guess someones password on a particular service (SSH, Web Application Form, FTP or SNMP) – we can useContinue reading “Hydra”
Upload Vulnerabilities
Task 1 – Deploying Machine Task 4 – Overwriting Existing Files What is the name of the image file which can be overwritten? Answer – mountains.jpg Overwrite the image. What is the flag you receive? Step 1: Download a sample image Step 2: Change the name of the image Step 3: Now select the downloaded image toContinue reading “Upload Vulnerabilities”
OWASP TOP 10
OWASP stands for Open Web Application Security Project is a non profit organization that works on the improvement of security of software. They publishes report outlining security concerns for web application security focusing on top 10 most critical risks at free of cost. OWASP TOP 10 2017 report as follows: Injection Broken Authentication Sensitive DataContinue reading “OWASP TOP 10”
