Try Hack Me: OWASP Top 10 Room Day 8 of 10

  • Visit http://10.10.166.76 and create an account. After logging in, right click on the page and choose “Inspect Element”
Inspect Element
  • By default the window that pops out lands on the “Inspector” tab. Click on the “Storage” tab and copy the value of the sessionId cookie, which is a base64-encoded string. We have to decode it to retrieve our first flag.
  • Use this command to decode the base64 value (paste the copied string between the single quotes): echo 'paste the base64 here' | base64 --decode
To decode a base64
Flag for [Task 26] [Day 8] Question 1
  • Change the value for userType from “user” to “admin” and hit enter
UserType value is user
User value changed to “admin”
Flag for [Task 26] [Day 8] Question 2
  • Click on “Exchange your vim” and click “Provide feedback!”
  • Enter a random feedback and click “Submit Feedback”
  • Start a netcat listener from your Kali machine. You can choose whichever port but I will be using 4444
Netcat is currently listening and waiting for an incoming connection
  • Create a python file on your Kali machine. I will use rce.py like the room creator did
  • Go to this link to copy the source code for the payload that we will be using to spawn a reverse shell https://gist.github.com/CMNatic/af5c19a8d77b4f5d8171340b9c560fc3 and paste the code into the file rce.py. Make sure to replace “YOUR_TRYHACKME_VPN_IP” with your Kali’s VPN IP address (pick the tun0 adapter IP, not the eth0 one). Then save the file.
The payload we will use to get a reverse shell
  • Run the payload by typing python3 rce.py
  • Copy the output printed to the terminal. Only copy the data between the single quote marks
  • In the “Storage” tab, paste that data as the value of the “encodedPayload” cookie
  • Refresh the page and look at the netcat listener that you set up on your Kali
Now we got a reverse shell
  • Now, all that is left is to look for the flag.
Got the final flag!
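Both halves of this task come down to the same defect: the application trusts whatever the client stores in its cookies, first a plain base64 blob whose userType can be edited in the browser, then an encodedPayload cookie that it deserialises unchecked. The example below is added here and is not part of the room or of this write-up; it shows the server-side fix a defender would apply. The cookie layout, the SECRET_KEY value and the function names are assumptions made for the demonstration. A session is serialised as JSON (which cannot express code or object construction, unlike pickle) and an HMAC-SHA256 tag is appended, so an edited userType or a substituted payload fails verification instead of being honoured.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical server-side secret, constructed for this demo. In a real
# deployment load it from the environment or a secret store; never hard-code it.
SECRET_KEY = b"constructed-demo-secret-do-not-use"


def make_session_cookie(session: dict, key: bytes = SECRET_KEY) -> str:
    """Serialise the session as JSON and append an HMAC-SHA256 tag.

    Cookie layout (assumed): base64(json) + "." + hex(hmac).
    The client can still read the contents, but cannot change them
    without invalidating the tag.
    """
    payload = base64.urlsafe_b64encode(
        json.dumps(session, sort_keys=True).encode()
    ).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def load_session_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the session dict if the tag verifies, otherwise None.

    Only json.loads is used on the decoded bytes. Unlike pickle.loads,
    a forged JSON value can at worst be rejected, never executed.
    """
    try:
        payload, tag = cookie.rsplit(".", 1)
    except ValueError:  # no "." separator at all
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself does not leak the tag.
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(payload.encode()))
    except (ValueError, UnicodeDecodeError):
        return None


def tamper_user_type(cookie: str, new_type: str) -> str:
    """Re-encode the JSON half of a signed cookie with a changed userType
    while keeping the original tag. Constructed only to show that such an
    edit is detected by load_session_cookie."""
    payload, tag = cookie.rsplit(".", 1)
    data = json.loads(base64.urlsafe_b64decode(payload.encode()))
    data["userType"] = new_type
    new_payload = base64.urlsafe_b64encode(
        json.dumps(data, sort_keys=True).encode()
    ).decode()
    return f"{new_payload}.{tag}"


def unsigned_cookie_user_type(cookie_b64: str) -> str:
    """The pattern the room demonstrates: a bare base64 JSON cookie whose
    userType the server trusts as-is. Nothing here can tell an edited
    value from a legitimate one, which is why the tag above is needed."""
    return json.loads(base64.b64decode(cookie_b64))["userType"]


if __name__ == "__main__":
    session = {"username": "alice", "userType": "user"}
    cookie = make_session_cookie(session)
    print("valid cookie   ->", load_session_cookie(cookie))
    print("edited cookie  ->", load_session_cookie(tamper_user_type(cookie, "admin")))
    # Constructed unsigned cookie in the room's style: edited value is accepted.
    raw = base64.b64encode(json.dumps({"username": "alice", "userType": "admin"}).encode()).decode()
    print("unsigned cookie->", unsigned_cookie_user_type(raw))
```

The tag only guarantees integrity, not secrecy: anyone can still base64-decode the JSON half, so nothing sensitive belongs in it. Keeping authorisation data such as userType on the server, keyed by an opaque random session id, removes the problem entirely; signing is the fallback when state must travel with the client.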
