CTF365 Security Shepherd Walkthrough - No Spoilers Just Hints
hopefully, lets try to do all of the CTF365 Security Shepherd lessons and challenges, and help everybody with all they need but no spoilers.
that doens't meant you don't need to do your learning, if i didn't write something, that means (a) learn the topic (b) read instructions.
simple way to work through is installing burp-suite CE and make it work with ssl, but i'll try to also teach, where possible, you can use other tools.
LESSONS
*any lession with a asterisk [*] in its name means that it would have been easier with burp, just altering the request. [need to install cert. etc.]
Broken Session Management*
the session is managed via cookies, can be changed via
Chrome Dev Tools (F12) -> Application tab -> Storage -> Cookies.
(maybe you must click the button 1st)
Cross-Site Request Forgery
after putting a value in the box and submitting, right-click and Inspect-Element the image.
you must put a full url i.e. https://.....
try put a funny image from google search.
Cross Site Scripting (XSS)
if you miss the answer itself written in-front of your eyes, time to learn some html and javascript.
Failure to Restrict URL Access
here you need to learn to research the html itself of the page(s) to see more content(s).
click F12, or right click and either Inspect Element or View Source.
*tip - learn the "display" css property and its values.
Insecure Cryptographic Storage
any online tool
Insecure Direct Object References*
looking at the html source we can see the ajax request and manually send it altered.
Poor Data Validation*
same as last one.
Security Misconfiguration
admin:password. make sure you're not on CAPS LOCK.
SQL Injection
the target db is mysql, so comment is "#". after 3 tries you get a hint, which is really the answer.
Untrusted Input
maybe one day i'll install the Mobile Machine
Unvalidated Redirects and Forwards
you must put a full url i.e. https://security-shepherd.ctf365.com/.... both times....
and user can start with a dash [-] like "-13245678"
that doens't meant you don't need to do your learning, if i didn't write something, that means (a) learn the topic (b) read instructions.
simple way to work through is installing burp-suite CE and make it work with ssl, but i'll try to also teach, where possible, you can use other tools.
LESSONS
*any lession with a asterisk [*] in its name means that it would have been easier with burp, just altering the request. [need to install cert. etc.]
Broken Session Management*
the session is managed via cookies, can be changed via
Chrome Dev Tools (F12) -> Application tab -> Storage -> Cookies.
(maybe you must click the button 1st)
Cross-Site Request Forgery
after putting a value in the box and submitting, right-click and Inspect-Element the image.
you must put a full url i.e. https://.....
try put a funny image from google search.
Cross Site Scripting (XSS)
if you miss the answer itself written in-front of your eyes, time to learn some html and javascript.
Failure to Restrict URL Access
here you need to learn to research the html itself of the page(s) to see more content(s).
click F12, or right click and either Inspect Element or View Source.
*tip - learn the "display" css property and its values.
Insecure Cryptographic Storage
any online tool
Insecure Direct Object References*
looking at the html source we can see the ajax request and manually send it altered.
Poor Data Validation*
same as last one.
Security Misconfiguration
admin:password. make sure you're not on CAPS LOCK.
SQL Injection
the target db is mysql, so comment is "#". after 3 tries you get a hint, which is really the answer.
Untrusted Input
maybe one day i'll install the Mobile Machine
Unvalidated Redirects and Forwards
you must put a full url i.e. https://security-shepherd.ctf365.com/.... both times....
and user can start with a dash [-] like "-13245678"
Comments
Post a Comment