OWASP Top 10 Write Up | TryHackMe
https://tryhackme.com/room/owasptop10
Task 1, Task 4, Task 6, Task 8, Task 9, Task 10, Task 12, Task 15, Task 17, Task 27, Task 28, Task 31 : No Answer Needed
Task 5 : [Severity 1] Command Injection Practical
Q : What strange text file is in the website root directory?
A : drpepper.txt
Q : How many non-root/non-service/non-daemon users are there?
A : 0
Q : What user is this app running as?
A : www-data
Q : What is the user’s shell set as?
A : /usr/sbin/nologin
Q : What version of Ubuntu is running?
A : 18.04.4
Q : Print out the MOTD. What favorite beverage is shown?
A : Dr Pepper
Task 7 : [Severity 2] Broken Authentication Practical
Q : What is the flag that you found in darren’s account?
A : fe86079416a21a3c99937fea8874b667
Q : What is the flag that you found in arthur’s account?
A : d9ac0f7db4fda460ac3edeb75d75e16e
Task 11 : [Severity 3] Sensitive Data Exposure (Challenge)
Q : What is the name of the mentioned directory?
A : /assets
Q : Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?
A : webapp.db
Q : Use the supporting material to access the sensitive data. What is the password hash of the admin user?
A : 6eea9b7ef19179a06954edd0f6c05ceb
Q : What is the admin’s plaintext password?
A : qwertyuiop
Q : Login as the admin. What is the flag?
A : THM{Yzc2YjdkMjE5N2VjMzNhOTE3NjdiMjdl}
Task 13 : [Severity 4] XML External Entity — eXtensible Markup Language
Q : Full form of XML
A : Extensible Markup Language
Q : Is it compulsory to have XML prolog in XML documents?
A : no
Q : Can we validate XML documents against a schema?
A : yes
Q : How can we specify XML version and encoding in XML document?
A : XML prolog
Task 14 : [Severity 4] XML External Entity — DTD
Q : How do you define a new ELEMENT?
A : !ELEMENT
Q : How do you define a ROOT element?
A : !DOCTYPE
Q : How do you define a new ENTITY?
A : !ENTITY
Task 16 : [Severity 4] XML External Entity — Exploiting
Q : What is the name of the user in /etc/passwd?
A : falcon
Q : Where is falcon’s SSH key located?
A : /home/falcon/.ssh/id_rsa
Q : What are the first 18 characters of falcon’s private key?
A : MIIEogIBAAKCAQEA7
Task 18 : [Severity 5] Broken Access Control (IDOR Challenge)
Q : Look at other users notes. What is the flag?
A : flag{fivefourthree}
Task 19 : Security Misconfiguration
Q : Hack into the webapp, and find the flag!
A : thm{4b9513968fd564a87b28aa1f9d672e17}
Task 20 : [Severity 7] Cross-site Scripting
Q : Navigate to http://MACHINE_IP/ in your browser and click on the “Reflected XSS” tab on the navbar; craft a reflected XSS payload that will cause a popup saying “Hello”.
A : ThereIsMoreToXSSThanYouThink
Q : On the same reflective page, craft a reflected XSS payload that will cause a popup with your machine’s IP address.
A : ReflectiveXss4TheWin
Q : Now navigate to http://MACHINE_IP/ in your browser and click on the “Stored XSS” tab on the navbar; make an account. Then add a comment and see if you can insert some of your own HTML.
A : HTML_T4gs
Q : On the same page, make an alert popup box appear on the page with your document cookies.
A : W3LL_D0N3_LVL2
Q : Change “XSS Playground” to “I am a hacker” by adding a comment and using JavaScript.
A : websites_can_be_easily_defaced_with_xss
Task 21 : [Severity 8] Insecure Deserialization
Q : Who developed the Tomcat application?
A : The Apache Software Foundation
Q : What type of attack that crashes services can be performed with insecure deserialization?
A : Denial of Service
Task 22 : [Severity 8] Insecure Deserialization — Objects
Q : If a dog was sleeping, would this be:
A : A Behaviour
Task 23 : [Severity 8] Insecure Deserialization — Deserialization
Q : What is the name of the base-2 formatting that data is sent across a network as?
A : Binary
Task 24 : [Severity 8] Insecure Deserialization — Cookies
Q : If a cookie had the path of webapp.com/login, what would the URL that the user has to visit be?
A : webapp.com/login
Q : What is the acronym for the web technology that Secure cookies work over?
A : HTTPS
Task 25 : [Severity 8] Insecure Deserialization — Cookies Practical
Q : 1st flag (cookie value)
A : THM{good_old_base64_huh}
Q : 2nd flag (admin dashboard)
A : THM{heres_the_admin_flag}
Task 26 : [Severity 8] Insecure Deserialization — Code Execution
Q : flag.txt
A : 4a69a7ff9fd68
Task 29 : [Severity 9] Components With Known Vulnerabilities — Lab
Q : How many characters are in /etc/passwd (use wc -c /etc/passwd to get the answer)?
A : 1611
Task 30 : [Severity 10] Insufficient Logging and Monitoring
Q : What IP address is the attacker using?
A : 49.99.13.16
Q : What kind of attack is being carried out?
A : Brute Force