Web fundamentals (using burpsuit and curl) - TryHackMe!

-
web

Task 1,2,3,4

You can read their document carefully and find the answers. You can find two answers by given link on firefox HTTP format page.

Task 5 (Mini CTF)

Here I will show two methods. Watch my video for visual understanding https://youtu.be/6j4Ghryj0mY

Here is the webpage you getting :

Burpsuite option

Go to the burpsuit and lunch browser then type your machine ip with the port. http://10.10.248.152:8081 this was my IP yours must be changed.

  1. select the right HTTP request and press CTRL+R to go to the repeater. Then type your first clue and send it.
  1. Then type your second clue after changing the GET to POST request. Then go to the action tab and select url encode as you type and send it.
  1. Now we need to get cookie. change first line to the ‘GET /ctf/getcookie’ and send it.
  1. Now we need to send cookie. for that we need to change the request to ‘GET /ctf/sendcookie’ and go to the inspector tab and add a cookie.

CURL option (TryHackMe method)

  1. GET request. /ctf/get
┌──(kali㉿kali)-[~]
└─$ curl http://10.10.248.152:8081/ctf/get
thm{flag}
  1. POST request. /ctf/post
┌──(kali㉿kali)-[~]
└─$ curl http://10.10.248.152:8081/ctf/post -X POST --data "flag_please"           
thm{flag}
  1. Get a cookie. /ctf/getcookie
┌──(kali㉿kali)-[~]
└─$ curl -c - 'http://10.10.248.152:8081/ctf/getcookie'          
Check your cookies!# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

10.10.248.152   FALSE   /       FALSE   0       flag    thm{flag}
  1. Set a cookie. /ctf/sendcookie
┌──(kali㉿kali)-[~]
└─$ curl -v --cookie 'flagpls=flagpls' http://10.10.248.152:8081/ctf/sendcookie
*   Trying 10.10.248.152:8081...
* Connected to 10.10.248.152 (10.10.248.152) port 8081 (#0)
> GET /ctf/sendcookie HTTP/1.1
> Host: 10.10.248.152:8081
> User-Agent: curl/7.74.0
> Accept: */*
> Cookie: flagpls=flagpls
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Tue, 18 May 2021 04:43:04 GMT
< Content-Length: 37
< Content-Type: text/plain; charset=utf-8
< 
* Connection #0 to host 10.10.248.152 left intact
thm{flag}

Little secret

You can use mozila firefox to get flag
example : http://10.10.248.152:8081/ctf/get

This method you can use to ‘GET’ request …

Popular posts from this blog

Mustacchio - TryHackMe

-
Image
thm What we can learn from this machine : XXE injection Enumerations SUID exploit let’s start with a nmap scan. normal nmap scan found port 80 webserver called Mustacchio and port 22 ssh open running ubuntu. I try to running a full nmap scan for see more ports are open above the port 1000. # Nmap 7.91 scan initiated Sat Jun 12 14:57:25 2021 as: nmap -sC -sV -p- -oN scans/nmap-allports 10.10.236.36 Nmap scan report for 10.10.236.36 Host is up (0.15s latency). Not shown: 65532 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 d3:9e:50:66:5f:27:a0:60:a7:e8:8b:cb:a9:2a:f0:19 (RSA) | 256 5f:98:f4:5d:dc:a1:ee:01:3e:91:65:0a:80:52:de:ef (ECDSA) |_ 256 5e:17:6e:cd:44:35:a8:0b:46:18:cb:00:8d:49:b3:f6 (ED25519) 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) | http-robots.txt: 1 disallowed entry |_/ |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-t
Read more

Tech_Supp0rt: 1 - TryHackMe

-
Image
Welcome file Welcome to another CTF-writeup !! Tech_support:1 by vikaran. What we can learn from this machine. nmap scan , smbmap etc. (enumeration skills) subrion cms 4.2.1 RCE iconv sudo permission to overwritten files and read the files Let’s start with enumeration. First with nmap to see what port we have in the box. Nmap scan ┌── ( defalt@kali ) - [ ~/Documents/tryhackme/Tech_Supp0rt:1 ] └─$ nmap -sC -sV 10.10.168.200 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-15 21:29 PDT Nmap scan report for 10.10.168.20 Host is up ( 0.37s latency ) . Not shown: 996 closed tcp ports ( conn-refused ) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 ( Ubuntu Linux ; protocol 2.0 ) | ssh-hostkey: | 2048 10:8a:f5:72:d7:f9:7e:14:a5:c5:4f:9e:97:8b:3d:58 ( RSA ) | 256 7f:10:f5:57:41:3c:71:db:b5:5b:db:75:c9:76:30:5c ( ECDSA ) | _ 256 6b:4c:23:50:6f:36:00:7c:a6:7c:11:73:c1:a8:60:0c ( ED25519 ) 80/tcp open http Apache ht
Read more

Juicy Details - TryHackMe

-
Image
thm What we can learn from this machine? How to read and understand the firefox log files About sql injection Reconnaissance What tools did the attacker use? (Order by the occurrence in the log) : : ffff : 192.168 . 10.5 - - [ 11 / Apr / 2021 : 09 : 08 : 34 + 0000 ] "POST / HTTP/1.1" 200 1924 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" : : ffff : 192.168 . 10.5 - - [ 11 / Apr / 2021 : 09 : 16 : 29 + 0000 ] "POST /rest/user/login HTTP/1.0" 401 26 "-" "Mozilla/5.0 (Hydra)" : : ffff : 192.168 . 10.5 - - [ 11 / Apr / 2021 : 09 : 29 : 14 + 0000 ] "GET /rest/products/search?q=1 HTTP/1.1" 200 - "-" "sqlmap/1.5.2#stable (http://sqlmap.org)" : : ffff : 192.168 . 10.5 - - [ 11 / Apr / 2021 : 09 : 32 : 51 + 0000 ] "GET /rest/products/search?q=qwert%27))%20UNION%20SELECT%20id,%20email,%20passwor
Read more