Web App Hacking Lab
I am stuck on the last question of this lab. Question 13 - Return to the /login page and log in as the admin of the site. What is the token you receive? I have been trying to use OWASP ZAP but can't seem to figure it out. Any help would be greatly appreciated. Thanks.
17 Views, 0 likes, 0 Comments

Why I don't like: Find the Flaw
After doing almost all "Find the Flaw" labs I'm trying to give some feedback about this mode. On one hand it's quite handy and nice to see and define flaws and link them to the corresponding CWE. But sometimes it takes time... a very long time (for 20 pts!).

Here's an example I want to share, which I'm struggling with and which does not make sense to me - and there are many FtF labs like this which are forcing me to do trial and error. Let's take "Find the Flaw: Rust – Identification and Authentication Failures". You'll have code like this (for brevity I've shortened it a little bit):

    ...
    #[derive(Deserialize)]
    struct PasswordForm {
        token: String,
        password: String,
    }

    #[derive(Deserialize)]
    struct UserIdQuery {
        user_id: String,
    }

    async fn reset_password(
        Query(user_id_query): Query<UserIdQuery>,
        pool: axum::extract::Extension<SqlitePool>,
        Form(form): Form<PasswordForm>,
    ) -> Html<String> {
        let user_id = user_id_query.user_id;
        let token = form.token;
        let password = form.password;

        if password.len() < 8 || !password.chars().any(|c| c.is_lowercase()) {
            return Html("Password must be at least 8 characters long and contain at least one lowercase letter.".to_string());
        }

        let hashed_password = sha256(password.as_bytes());
        let hashed_password_hex = hex::encode(hashed_password);
        let pool = pool.0;

        let result = query("SELECT user_id FROM password_resets WHERE token = ?")
            .bind(token)
            .fetch_optional(&pool)
            .await;

        match result {
            Ok(Some(_)) => {
                let update_result = query("UPDATE users SET password = ? WHERE id = ?")
                    .bind(hashed_password_hex)
                    .bind(user_id)
                    .execute(&pool)
                    .await;
                ...
    }

    pub async fn main() -> Result<(), std::io::Error> {
        ...
        .route("/reset_password", post(reset_password))
        ...

So, at first glance you'll notice:

    let result = query("SELECT user_id FROM password_resets WHERE token = ?")
        .bind(token)
        .fetch_optional(&pool)
        .await;

and you think: cool, as long as I have a valid token I can reset ANY password, because the UserIdQuery holds the user_id from the query parameters. That must be the error. And it's clearly CWE-640 - Weak Password Recovery Mechanism for Forgotten Password. Boom!

But the lab says: "Correct Vulnerability but Incorrect Line"

Then you say, ok.. something might be missing... or too much. You'll remove lines, 3... 2.. 1.. nothing. Maybe I need to add the update password procedure? So let's click the lines on:

    let result = query("SELECT user_id FROM password_resets WHERE token = ?")
        .bind(token)
        .fetch_optional(&pool)
        .await;

and... ? "Correct Vulnerability but Incorrect Line"

Now you start clicking on 1 up to 7 lines in all different combinations (no .await, but .bind) but: "Correct Vulnerability but Incorrect Line"

You add another part of the code, which could make sense, like:

    let user_id = user_id_query.user_id;
    let token = form.token;
    let password = form.password;

Again here you start shuffling all the options (now you click between 1 up to 10 lines in all different variations) but all you get is this "Correct Vulnerability but Incorrect Line".

You read again the hint you've got with the wrong answer: "Consider how the password is being reset". Yes I did, really! All the time! And so on and so on... I've probably clicked hundreds of different combinations by now, and I start believing there's a bug in the lab (would not be the first one in this collection).

So, how are those "Find the flaw" labs for you? You like them? You struggle with them?

greetings
-steven

ps: If you have the solution or any other hint for this one, ping me :)
39 Views, 0 likes, 3 Comments

Radare2 Reverse Engineering: Ep.1 – Windows Binary Part 1
I have managed to find the answers to all of the questions within this lab except for question 6. I cannot seem to figure out the appropriate step(s) or action(s) to take to find the correct answer for this question. Any insight or guidance on what I'm missing / doing incorrectly and how to correct it would be greatly appreciated. I have provided a few screenshots for reference. Thanks in advance.
33 Views, 2 likes, 2 Comments

Threat Hunting: Cowrie Honeypot - Question on Panama
Has anyone completed the Threat Hunting: Cowrie Honeypot lab? Question 5 asks: Using the Location Overview dashboard provided by the Tango Honeypot Intelligence app, how many successful logins occurred in Panama? However, there are no logs with the src or destination IP at all for Panama. As this lab looks quite old I am suspecting that the GeoLocation for the IP has changed somewhat, but was wondering if anyone managed to complete this and/or has the answer to the question, as it's the one stopping me from completing the Threat Hunting module.
33 Views, 1 like, 2 Comments

The Haunted Hollow: The Cursed Crypt
Hello, I'm a little stuck on the Challenges & Scenarios section for the lab: The Haunted Hollow: The Cursed Crypt. On one of the labs that fall into this category - The Cursed Crypt. For questions 3-5 I am copying and pasting the sections on all 4 riddles into CyberChef in the input field but not really sure what to do from here? I was able to answer question 1 as it had a wand icon which deciphered the riddle 1 but a little stumped on the rest? Any help please?
52 Views, 1 like, 4 Comments

Help needed for Threat Hunting: Mining Behaviour
Hey everyone! I need some help with this last question of a lab. I already identified the JSON authentication token and the packet that holds it. But within that packet, I just can't find the authentication key that identifies the miner. Was anyone able to solve it and help? Thanks!
Solved. 171 Views, 1 like, 5 Comments

Halloween 2020: Ep.1 – Death by Ink
Hello, On the lab Halloween 2020: Ep.1 – Death by Ink - there is a target IP address - 10.102.81.69 but copying and pasting the IP address in Firefox doesn't load. I tried reverse DNS lookup and got the domain name which again I copied and pasted into Firefox to no avail: host-78-151-118-218.as13285.net. Also ran the IP address as //10.102.81.69 on the equivalent of File explorer on the virtual machine but to no avail. What might I be doing incorrectly?
21 Views, 0 likes, 1 Comment

AI: Prompt Injection Attacks
I've found the password for L1 on the above Lab, which it says it acknowledges as being correct, but it's not unlocking Level 2. Any advice? Do I just need to type in the password (in the correct case sensitive way); I've also tried it with a / beforehand and within <>
31 Views, 1 like, 6 Comments