
Pen testing 2 walk through


By synstealth | 41336 Reads

Pen Test 2 Challenge By synstealth

Before we begin, I would like to emphasize the knowledge required to beat this challenge. You must have the following skills before you can understand what you are looking for in this penetration test. This site also gives out hints and clues on what to look for, which definitely makes the challenge a lot easier, so watch out for those clues because you will need them.

Skills required to beat this: understanding how a website works, knowledge of basic HTML, and knowing where to look. You should also know the LFI, XSS and CSRF exploits.

First you will want to visit each link you can find on this site; you should be able to find at least one interesting place to perform your attack, and don't forget to read the entire site for names, clues and messages. After searching the entire site, we have found two names that are important. Now that we have done the most we can on this site (the login doesn't work, the news section doesn't do much), what about the registration page? Notice the message says "No new users allowed, Sorry". What about the admin? Could we register as that existing user? Let's do that. 60 pts for overwriting an existing user.

After the registration has succeeded, the login now works. Log in with the password you used and you will see, in the right side pane, the user information with new links. Those are the links we will want to access; one of them has a message hint telling you what you can do with it. 10 pts for finding the URL path to ***

Don't forget we are supposed to access a specific name that was mentioned on the website, so let's access that somehow. 35 pts for viewing the *** directly

Now that we can access the URL, let's test some exploits by putting a single quote ' after the equal sign (=') in the URL and see what happens. Notice that the title bar shows '. This tells me quotes are being filtered; that's fine, so let's test something else, like JavaScript tags: put in an injection that will alert a message, and don't forget to close the title before putting in the injection. When you do that, you have just performed an XSS exploit. 30 pts for finding XSS hole
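The observation that only quotes are filtered is the defender's lesson of this step: inside an HTML `<title>`, the characters that let a value leave its context are `<` and `>`, and a quote filter does nothing about them. The following is an added Python example, not code from the challenge site or from synstealth. The page template, the quote-stripping filter and the two probe strings are constructed for illustration; it compares the quote-only filter with context-appropriate HTML escaping and includes a small check a reviewer can run over rendered output.

```python
import html

# Constructed template standing in for a page that reflects a user-supplied
# name into its <title> (assumption: the challenge page is not reproduced here).
PAGE_TEMPLATE = "<html><head><title>{name}</title></head><body>profile</body></html>"


def strip_quotes(value: str) -> str:
    """The quote-only filter the walkthrough observes: removes ' and " and nothing else."""
    return value.replace("'", "").replace('"', "")


def render_with_quote_filter(name: str) -> str:
    """Vulnerable rendering: the filter never touches < or >."""
    return PAGE_TEMPLATE.format(name=strip_quotes(name))


def render_with_html_escape(name: str) -> str:
    """Hardened rendering: escape &, <, >, ' and " so the value cannot close the title."""
    return PAGE_TEMPLATE.format(name=html.escape(name, quote=True))


def title_context_intact(page: str) -> bool:
    """Detection helper: True when the page still has exactly one <title>...</title>
    pair and no <script> tag, i.e. the reflected value stayed inside the title as text."""
    return (
        page.count("<title>") == 1
        and page.count("</title>") == 1
        and "<script" not in page.lower()
    )


# Constructed probes matching the walkthrough: a trailing quote, and a value
# that closes the title first and then carries the alert(1) tag seen on this page.
PROBE_QUOTE = "synstealth'"
PROBE_BREAKOUT = "</title><script>alert(1)</script>"


if __name__ == "__main__":
    for probe in (PROBE_QUOTE, PROBE_BREAKOUT):
        print("quote filter :", title_context_intact(render_with_quote_filter(probe)))
        print("html.escape  :", title_context_intact(render_with_html_escape(probe)))
```

The quote filter passes the first probe and fails the second, which is exactly what the title bar in the walkthrough is telling you; `html.escape` keeps the title context intact for both, because the fix is output encoding for the context the value lands in, not removing characters you think are dangerous.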

Now back to the profile page: there is one more place you will definitely want to go, and it also gives you a message with a major hint telling you what you can do with that link. Found it yet? GREAT, let's move on. Once you understand the message clearly, you will know what to do with it. This part should be easy because it is a well-known CSRF (Cross Site Request Forgery) exploit where you inject something in the field that displays an image. 40 Points for performing CSRF injection
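The image field works as a CSRF vector because whatever URL is stored there is fetched by every viewer's browser with that viewer's cookies attached, so a cookie-only check on a state-changing endpoint cannot tell a forged request from a real one. The following added Python example is not the challenge's code; the endpoint name, the field names, the session ids and the server secret are all assumptions. It models the request a browser issues for an `<img>` tag, contrasts a handler that accepts the change on a cookie-authenticated GET with one that requires POST plus a session-bound token, and shows the image-triggered request failing only against the hardened handler.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

# Constructed server-side secret used to derive CSRF tokens (assumption).
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"


@dataclass
class Request:
    """Minimal model of an HTTP request as the server sees it."""
    method: str
    path: str
    session_id: str                      # taken from the session cookie the browser attached
    query: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_token(session_id: str) -> str:
    """Token bound to the session via HMAC; it cannot be computed without SERVER_SECRET."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def change_email_vulnerable(req: Request, users: dict) -> tuple[int, str]:
    """The flaw: any method is accepted and the cookie alone authorises the change."""
    user = users.get(req.session_id)
    if user is None:
        return 401, "not logged in"
    new_email = req.query.get("email") or req.form.get("email")
    if not new_email:
        return 400, "missing email"
    user["email"] = new_email
    return 200, "email updated"


def change_email_hardened(req: Request, users: dict) -> tuple[int, str]:
    """Requires POST and a valid session-bound token; an <img> GET satisfies neither."""
    user = users.get(req.session_id)
    if user is None:
        return 401, "not logged in"
    if req.method != "POST":
        return 405, "method not allowed"
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(req.session_id)):
        return 403, "invalid csrf token"
    new_email = req.form.get("email")
    if not new_email:
        return 400, "missing email"
    user["email"] = new_email
    return 200, "email updated"


def image_triggered_request(stored_url: str, viewer_session: str) -> Request:
    """What the viewer's browser sends when it renders <img src=stored_url>: a GET
    with the viewer's own session cookie and no form body."""
    parts = urlsplit(stored_url)
    return Request(method="GET", path=parts.path, session_id=viewer_session,
                   query=dict(parse_qsl(parts.query)))


def run_scenario() -> dict:
    """Replays the stored-image scenario against both handlers; returns status codes."""
    # Constructed user table and constructed URL planted in the image field.
    users = {"sess-admin": {"name": "admin", "email": "admin@example.invalid"}}
    stored = "/change_email?email=planted@example.invalid"
    forged = image_triggered_request(stored, "sess-admin")

    results = {}
    results["vulnerable_img"] = change_email_vulnerable(forged, users)[0]   # 200: changed
    users["sess-admin"]["email"] = "admin@example.invalid"                  # reset for next run
    results["hardened_img"] = change_email_hardened(forged, users)[0]       # 405: GET refused

    # A POST that carries the session cookie but no token is also refused.
    no_token = Request("POST", "/change_email", "sess-admin",
                       form={"email": "planted@example.invalid"})
    results["hardened_no_token"] = change_email_hardened(no_token, users)[0]  # 403

    # The legitimate form submission from the user's own page carries the token.
    legit = Request("POST", "/change_email", "sess-admin",
                    form={"email": "new@example.invalid",
                          "csrf_token": csrf_token("sess-admin")})
    results["hardened_legit"] = change_email_hardened(legit, users)[0]      # 200
    results["final_email"] = users["sess-admin"]["email"]
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The method check alone already stops the `<img>` variant, since an image load is always a GET; the token is what stops the same trick mounted from a hidden auto-submitting form on another site, so a real endpoint needs both. Validating what the profile-image field accepts is a reasonable extra layer, but it is not the fix.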

Thank you for reading and hope this is not too much of a spoiler -synstealth

Comments
Huitzilopochtli 10 years ago

thumbs up

GLA-Hacker 10 years ago

CSRF injection does not work for me. :(:( I used full path, relative path, > thing, logged on and out but nothing :|

omega_tek 9 years ago

thumbs up thumbs up thumbs up thumbs up

deanurschel 5 years ago

<script>alert(1)</script>

deanurschel 5 years ago

jk