Try Hack Me: OWASP Top 10 Room Day 3 of 10
This is a FREE room (meaning you don’t have to pay for a subscription, just create an account) on Try Hack Me that contains challenges with the goal of teaching one of the OWASP Top 10 vulnerabilities every day for 10 days in a row. The challenges are:
Day 1: Injection
Day 2: Broken Authentication
Day 3: Sensitive Data Exposure
Day 4: XML External Entity
Day 5: Broken Access Control
Day 6: Security Misconfiguration
Day 7: Cross-site Scripting
Day 8: Insecure Deserialization
Day 9: Components with Known Vulnerabilities
Day 10: Insufficient Logging & Monitoring
I am already working on “Day 3: Sensitive Data Exposure”, so I will start my write-up with that. I blurred the answers, so you will have to do the steps yourself to reveal them.
Below are the challenge questions. (I was assigned a web server IP of 10.10.141.24. Check your assigned IP address; yours will be different from mine.)
1. Have a look around the webapp. The developer has left themselves a note indicating that there is sensitive data in a specific directory. What is the name of the mentioned directory?
- Check the “Page Source” of each page
2. Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?
- Plug the directory you found into the URL bar
3. Use the supporting material to access the sensitive data. What is the password hash of the admin user?
- Query the flat-file database that we found in question 2:
a. First, let’s check what database format the file we found uses, with the command “file <filename>” (the command name is lowercase)
b. Open the database file with the command “sqlite3 <filename>”
c. List the tables in the database with the command “.tables”
d. We have to look at the table layout so we know how to read the data once we dump it from the table. We can use the command “PRAGMA table_info(<table name>);”
e. Now dump the data from the table with the command “SELECT * FROM <table name>;” and read off the hash in the admin user’s row
4. Crack the hash. What is the admin’s plaintext password?
- Let’s use the supporting material recommended for this room to crack the password hash with “Crackstation”
5. Login as the admin. What is the flag?
- Log in through the login page to retrieve the flag
Thank you for reading. Hope someone found this helpful. Look out for the Day 4 tasks tomorrow.