Whitehat Wargame websecurity challenges



 Walkthrough of some Web security challenges that are present at Whitehat wargame
https://wargame.whitehat.vn/Challenges/List/2

Note: It is the walkthrough of challenge that is present not at the above link.
It is not a CTF

WebSecurity Challenge Web001






Visiting the URL mentioned.


So the flag is on web page itself. Lets check the view source.


The flag was in the view source as shown above.


WebSecurity Challenge Web002



Visiting the URL.


So nothing on this page.
Lets check the view source.


Search engines are guided by robots file.
Checking out for robots.txt file.



There was one entry.

Visiting the URL gave me the flag as shown below.



WebSecurity Challenges Web003






Visiting the URL gave me a login page as shown below:



Checking out view source:


Tried to login with username as test and password as test.


 The page did not have the flag.




After observing and analyzing cookie value 2 observation was made:
1)The user name test goes in the request.
2)The error on the page says that you are not admin.

So I refreshed the page and replaced test with admin as shown below:



Send the request.


And I got the Flag.

WebSecurity Challenges Web004

Quite a tricky challenge



Visiting the URL shows a password page.



There was also a script embed in the page. This challenge was all about decoding the script.
Encoding type is "6 character encoding jsfuck" It took lot of struggle to know about it and execute.



Executing the script gave the password.
Entering the password gave the flag.


WebSecurity Challenges Web005


Visiting the URL:


Login page. I can think of 3 ways to bypass login page.
1) Sql injection.
2) Parameter tampering.
3) Session fixation

Starting with some SQL injection payloads. I used many custom made payload and available fuzzers to solve it.
I used the following to get the Flag



Submitted the request and got the flag.


Comments

Post a Comment

Popular posts from this blog

MY OSCP REVIEW

Image
MY OSCP REVIEW About me I am just a guy who has done B.E (Computer Engineering), C.E.H and I am doing vulnerability assessment for different clients in Mumbai. Inspiration to do OSCP Wanted to read technical stuff only then skip this para. Like other guyz I thought that OSCP is one of the most difficult task in the world of IT Security. And yes, it is one the difficult mission you could ever face. Back in Dec 2014 I was really bored with the conventional vulnerability assessment thing, I wanted to do some more exploitation and some black hat stuff. But in our job we were not allowed to do so, as the environment used to be critical most of the time and time for completing the task was less. So I asked few question on some group in facebook regarding How can I learn more exploitation stuff. There was a guy with the name Mr.WhiteW0rm who have given me a brilliant answer and recommended me to do OSCP. That time I thought though I won't be able to do OSCP but at least I
Read more

Minishare 1.4.1 Bufferoverflow

Image
You can download the server from: https://www.dropbox.com/s/zhivgb79wtbce37/minishare-1.4.1.exe?dl=0 Exploit code in ruby: https://www.exploit-db.com/exploits/616/ The vulnerability is a long URL in the GET request. Eg:- GET AAAAAAAAAAAAAAAA..... HTTP/1.1 Lab Setup: 1) Windows xp ( I am using windows xp sp1) 2) Immunity debugger installed on the windows xp machine. 3) Minishare 1.4.1 installed on windows xp running on port 80. 2) Kali linux for scripting and exploiting. Configure the victim: I have installed Minishare server 1.4.1 and it is listening for connections on port 80, as depicted below. Generate Sample script to crash: We will try to smash the stack by sending a buffer of 2000 A's with the help of the following script. #!/usr/share/python import socket,sys s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect((sys.argv[1],80)) buff="GET " buff+="A"*2000 buff+=" HTTP/1.1\r\n\r\n" s.send(buff) s.close
Read more