Skip to main content

TRYHACKME NEIGHBOUR WALK-THROUGH



Neighbour is an easy-level machine that I was able to solve in 5 minutes. 
Make sure you are connected to VPN and the victim machine is up and running.
Browsing to the IP generated opens up a web login interface, which requires a valid username and password. 


At this point, you can test for multiple vulnerabilities like SQL injection, default credentials, and all but for now, we will keep it simple here as the hint says to look into the source. 


Looking at the source code we find a pair of credentials and also an additional username admin.


After logging in as a guest we observe an anomaly in the URL, the user parameter defines the current user we are logged in as, assuming that the back end treats this parameter as an object we can try to reference it to another user, so we try to access admin panel via IDOR.


And we successfully log in as an admin user and we also retrieved the flag.

Preventions:- 
  • Verification of all referenced objects should be done.
  • Implement access control on all endpoints.
  • Use hashes or random strings for some obvious parameters so that they cannot be guessed instead of plain text or incremented/decremented integer

Happy hacking !!

Comments

Post a Comment

Popular posts from this blog

KIOPTRIX LEVEL 1 WALKTHROUGH WITH AND WITHOUT METASPLOIT

Kioptrix Level 1 is a beginner level CTF challenge. You can download this virtual machine from here .  Details of Kioptrix : Size----186 MB OS---Linux Note: In virtual box, set up a Bridged network (virtual box -> preferences -> network) in networking, put both your Kali and Kioptrix to Bridged network. Fire-up both the machines(Kali and Kioptrix Level 1) Kioptrix will ask for the logins which we don't know at the moment. This also means we can't find IP of the Kioptrix directly from the Kioptrix machine itself. Leave the Kioptrix machine as it is and switch to Kali. First we need to find the IP address of the Kioptrix machine. We will use the tool netdiscover that comes pre-installed in Kali Linux to identify the IP address. Command   sudo netdiscover -i eth0 Wait  for scan results. 192.168.233.130 seems to be the IP of the Kioptrix machine. Let's scan this IP address using the tool Nmap (scan will also verify that its the IP of Kioptrix machine) Command  sudo nmap
1 comment
Read more

HTB GRANDPA WALKTHROUGH

HackTheBox  is an excellent platform for various pen-testers to increase their testing skills and knowledge. Machine Level -Easy Machine Name -Grandpa Machine OS -Windows Machine IP -10.10.10.14 Tools: Nmap  -Nmap is a fantastic tools for scanning the open ports, services and OS detection. You can use other tools other than nmap (which ever you are more comfortable with ) like masscan, SPARTA etc to scan for open ports. Metasploit  -One of the most common and widely used tool by pen-testers to launch exploits, it is maintained by Rapid 7 . Many books are available to understand the features of this tool. Method : Scanning the machine is the first step(i.e. Enumeration). We use the following nmap command, sudo nmap -T4 -p- -A 10.10.10.14 The command  scans for all ports(-p-) with threads speed 4 (-T4) and also gives you version details  (-A). So, only port 80 is open. Its says its running Microsoft IIS 6.0 , but first lets visit the victim's IP and see what's there
Post a Comment
Read more

VULNHUB INFOSEC PREP : OSCP

Welcome to the walkthrough of InfoSec Prep: OSCP walkthrough. It is a beginner-level boot2root machine and it can be downloaded from  here . I cracked this machine literally 5 minutes after it booted properly. So you can consider this machine the easiest.  Hint: Nmap Finding secret.txt and decoding it. Login via ssh. Privilege escalation to root via SUID binary.  Boot up the machine and it should show the IP address. We start off by pinging the box to verify that the box is up and running and we can reach out to it. Command: ping <IP> Then we can run Nmap scan to look for open ports and services running on the box. We will use -sC for running default scripts, -sV for Version/Service info and -T4 for faster execution, and -o for saving the result on a file named nmap The command is: sudo nmap -sC -sV -T4 <IP> -o filename Looking at the scan results, port 22 is open and running ssh, and port 80 is open, and it's running Apache. We can also see a directory named secret.txt
Post a Comment
Read more