Web fundamentals (using burpsuit and curl) - TryHackMe!

-
web

Task 1,2,3,4

You can read their document carefully and find the answers. You can find two answers by given link on firefox HTTP format page.

Task 5 (Mini CTF)

Here I will show two methods. Watch my video for visual understanding https://youtu.be/6j4Ghryj0mY

Here is the webpage you getting :

Burpsuite option

Go to the burpsuit and lunch browser then type your machine ip with the port. http://10.10.248.152:8081 this was my IP yours must be changed.

  1. select the right HTTP request and press CTRL+R to go to the repeater. Then type your first clue and send it.
  1. Then type your second clue after changing the GET to POST request. Then go to the action tab and select url encode as you type and send it.
  1. Now we need to get cookie. change first line to the ‘GET /ctf/getcookie’ and send it.
  1. Now we need to send cookie. for that we need to change the request to ‘GET /ctf/sendcookie’ and go to the inspector tab and add a cookie.

CURL option (TryHackMe method)

  1. GET request. /ctf/get
┌──(kali㉿kali)-[~]
└─$ curl http://10.10.248.152:8081/ctf/get
thm{flag}
  1. POST request. /ctf/post
┌──(kali㉿kali)-[~]
└─$ curl http://10.10.248.152:8081/ctf/post -X POST --data "flag_please"           
thm{flag}
  1. Get a cookie. /ctf/getcookie
┌──(kali㉿kali)-[~]
└─$ curl -c - 'http://10.10.248.152:8081/ctf/getcookie'          
Check your cookies!# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

10.10.248.152   FALSE   /       FALSE   0       flag    thm{flag}
  1. Set a cookie. /ctf/sendcookie
┌──(kali㉿kali)-[~]
└─$ curl -v --cookie 'flagpls=flagpls' http://10.10.248.152:8081/ctf/sendcookie
*   Trying 10.10.248.152:8081...
* Connected to 10.10.248.152 (10.10.248.152) port 8081 (#0)
> GET /ctf/sendcookie HTTP/1.1
> Host: 10.10.248.152:8081
> User-Agent: curl/7.74.0
> Accept: */*
> Cookie: flagpls=flagpls
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Tue, 18 May 2021 04:43:04 GMT
< Content-Length: 37
< Content-Type: text/plain; charset=utf-8
< 
* Connection #0 to host 10.10.248.152 left intact
thm{flag}

Little secret

You can use mozila firefox to get flag
example : http://10.10.248.152:8081/ctf/get

This method you can use to ‘GET’ request …

Popular posts from this blog

Mustacchio - TryHackMe

-
Image
thm What we can learn from this machine : XXE injection Enumerations SUID exploit let’s start with a nmap scan. normal nmap scan found port 80 webserver called Mustacchio and port 22 ssh open running ubuntu. I try to running a full nmap scan for see more ports are open above the port 1000. # Nmap 7.91 scan initiated Sat Jun 12 14:57:25 2021 as: nmap -sC -sV -p- -oN scans/nmap-allports 10.10.236.36 Nmap scan report for 10.10.236.36 Host is up (0.15s latency). Not shown: 65532 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 d3:9e:50:66:5f:27:a0:60:a7:e8:8b:cb:a9:2a:f0:19 (RSA) | 256 5f:98:f4:5d:dc:a1:ee:01:3e:91:65:0a:80:52:de:ef (ECDSA) |_ 256 5e:17:6e:cd:44:35:a8:0b:46:18:cb:00:8d:49:b3:f6 (ED25519) 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) | http-robots.txt: 1 disallowed entry |_/ |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-t...
Read more

Tech_Supp0rt: 1 - TryHackMe

-
Image
Welcome file Welcome to another CTF-writeup !! Tech_support:1 by vikaran. What we can learn from this machine. nmap scan , smbmap etc. (enumeration skills) subrion cms 4.2.1 RCE iconv sudo permission to overwritten files and read the files Let’s start with enumeration. First with nmap to see what port we have in the box. Nmap scan ┌── ( defalt@kali ) - [ ~/Documents/tryhackme/Tech_Supp0rt:1 ] └─$ nmap -sC -sV 10.10.168.200 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-15 21:29 PDT Nmap scan report for 10.10.168.20 Host is up ( 0.37s latency ) . Not shown: 996 closed tcp ports ( conn-refused ) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 ( Ubuntu Linux ; protocol 2.0 ) | ssh-hostkey: | 2048 10:8a:f5:72:d7:f9:7e:14:a5:c5:4f:9e:97:8b:3d:58 ( RSA ) | 256 7f:10:f5:57:41:3c:71:db:b5:5b:db:75:c9:76:30:5c ( ECDSA ) | _ 256 6b:4c:23:50:6f:36:00:7c:a6:7c:11:73:c1:a8:60:0c ( ED25519 ) 80/tcp open http Apache ht...
Read more

Nmap - TryHackMe!

-
Image
nmap Task 2 What networking constructs are used to direct traffic to the right application on a server? ports How many of these are available on any network-enabled computer? 65535 [Research] How many of these are considered “well-known”? (These are the “standard” numbers mentioned in the task)? 1024 Task 3 What is the first switch listed in the help menu for a ‘Syn Scan’ (more on this later!)? -sS Which switch would you use for a “UDP scan”? -sU If you wanted to detect which operating system the target is running on, which switch would you use? -O Nmap provides a switch to detect the version of the services running on the target. What is this switch? -sV The default output provided by nmap often does not provide enough information for a pentester. How would you increase the verbosity? -v Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two? (Note: it’s highly advisable to a...
Read more