TryHackMe - Walking an Application

Captions
Hey everyone, I hope you're all doing well. Today we are going to continue with our journey through the Junior Penetration Tester path from TryHackMe, and today we are going to do a walkthrough of this Walking an Application room, so let's go to it. Um, I already started my machine. You don't have to, um, to configure a virtual machine with Kali or anything like that, because TryHackMe actually gives you the option of having your own virtual machine on your browser, so that's really cool. Yeah, but I prefer to run things on my, my local VM because it's smoother in my opinion.

Um, but yeah, so first and foremost I would like to give a shout out to Adam, because he is the creator of this room. Um, make sure you give him some love; I'll, I'll leave the, the links to his socials in the description below. So as you can see, he already created a lot of rooms for you to practice on, so yeah, once again, make sure you show him some love, and let's get started with our room.

So the objective here will be: manually review a web application for security issues using only your browser's developer tools. Hacking with just your browser, no tools or scripts. So let's get, let's get started. Um, here on our task one we have basically an introduction, and here are the tools that we are going to use in our browser: the view source, so we are going to view the page source, the inspector, a debugger, and the network tool as well.

So since I already got the machine running, we already have access to our page, so here it is, our page. I'm gonna zoom in to make sure you can see it. So this is the home page, yeah. Then we have the news, I guess these are some articles, um, or some blog posts. Here we have a contact page and a customers... oh, this is where you should be logging in, okay. So let's get back to home. Um, "I confirmed that I have deployed the virtual machine and opened the website", yes.

Okay, so let's go to our first task here. Um, they are basically telling you that, um, you can review a website as the first thing you do when you're
trying to get information on your target and try to build like a site map for your own notes, and here they just created this big table with all the web pages and the URL for them and a brief description of what each, what each page contains. So we have the home page, as we already saw; latest news; news articles, so we have different articles on the news, and there's an ID there, so maybe we can do some kind of IDOR or something like that. Then we have contact page, customers, customers login, sign up, reset password. We have a dashboard for the customers, I guess you only have access to that once you log in. You can create tickets for support, and then customer account and a page for you to log out. Okay, it's pretty neat, let's go and continue.

So yeah, now we are on our first, uh, task per se. Let's take a look at the questions first. Uh, what is the flag from the HTML comment? Okay, so it seems like we will find a flag on our HTML, on a comment in the HTML source file. Okay, then what is the flag from the secret link? Should be looking for a secret link. What is the directory listing flag, and what is the framework flag? Okay.

So what are they telling us here? Uh, how do I view the page source: while viewing a website you can right click on the page and you'll see an option on the menu that says View Page Source. Yeah, you can do that here on the home page, you can right click and click on View Page Source, but you can also click on your keyboard Ctrl+U, so this will open a new tab on your browser and then you can check, um, the page source for the home direct... for the home page, I mean.

Okay, so "this page is temporary while we work on the new home page". So I guess, as you can see, those, those icons here, they, they let you write a comment on an HTML file, so maybe this is our answer for the first question, which was, let me just check again, what is the flag from the HTML comments. So okay, and I think they also tell you about the comments here, yeah, you see here, at the top of the page you'll see some code starting
with this and ending with that, these are comments. Okay, so maybe if we try to access this new home beta page, maybe we'll get something, so I'm just going to add this to our, um, main URL, and there you go, there's our first flag. Can we copy this so I don't have to write all of that? Let's see if that's correct. Yay, it is.

Okay, so now what is the flag from the secret link? I guess they are, they also tell us something about the secret link, um, let's see. Okay, I think it's here: if you, if you view further down the page source there is a hidden link to a page starting with "secr", s-e-c-r, view this link to get another flag. You obviously won't get a flag in a real world situation, but you may discover some private area using by the... used by the business for storing company, staff, customer information. Okay, so let's search that secret page. Uh, I guess it's here, as you can see. Let's try to visit it. I'm just going to write... I'm just going to press Ctrl on my keyboard and click on this so it opens on a new tab. Oh, there's our second flag, that was easy. Um, okay, let's see if that's correct. It is.

What is the directory listing flag? Okay, let's see if we can, if we can actually get access to some different directories from this, um, page source file. Okay, so we already, uh, went to the news, contact, customers. What is on the customers? Um, okay, I don't know what I did here. Okay, there's nothing on there, but I hit... but I see an assets, um, folder here, maybe we can try to access that. Let me just close this, I'll, I'll have to open the link again. Uh, what is that? Okay, here. Okay, so let's try to open the assets directory. Oops, it seems like we got access to their files, which is awesome. Okay, so you can go, you have a folder here, directory for the avatars of the site, you have a CSS file, JS file, and we have flag.txt. Yeah, invalid directory permissions. Okay, so I guess this is our third flag, that's awesome. Uh, let's go back to our home directory. Let me just open again, again, Ctrl on your keyboard and press U so you can
open, um, page source, and okay, let's see, what is the framework flag? Okay, what are they telling us about the framework? So here on the last paragraph we have some information about the frameworks: viewing the page source can often give you, give us clues into whether a framework is in use and, if so, which framework and even what version. Knowing the framework and version can be a powerful find, as there are, as there may be public vulnerabilities in the framework and the website might not be using the most up-to-date version. Yeah, at the bottom of the page you'll find a comment about the framework and version in use and a link to the framework's website. Viewing the framework's website, you'll see that our website is in fact out of date. Read the update notice and use the information that you find to discover another flag.

Okay, so let's go to our page source and let's see. Okay, at the, at the bottom of the page, so we have a comment here again, uh, and here it's the information about the version of the framework that we are using. Uh, so they are using the TryHackMe framework version 1.2, and we have a link to check out what is this framework about, so let's just open this. Okay, um, TryHackMe web framework: quickly build fully functioning websites with features such as news portal, contact forms, customer portals and more. Current version 1.3. So we are using a version that is outdated, as you can see here, we are using the version 1.2 and the current version is 1.3.

So this is the home, okay, change log. We've added a backup, with a backup facility in the administration portal. Okay, so the version 1.3: "we've had an issue where our backup process was creating a file in the web directory called tmp.zip which potentially could have been read by website visitors. This file is now stored in an area that is unreadable by the public." So, but yeah, but this correction was made to this version and we are still using this version, so maybe we can still access this file and maybe we'll get a flag from it. Um, okay,
let's see, just documentation: the documentation for the framework is pre-installed on your website's administration portal. Once you've installed a framework, navigate to TryHackMe framework login path on your website. You can log in with the username admin and password admin. Make sure you change this password.

Okay, first let me just try to access the file that we just saw from that vulnerable version. Okay, we got a file, let's download it. Let's just go to our downloads. Okay, there's our zip file and we get a flag, as you can see. Yeah, so this was the file that they're, they were talking about. Let's close this and let's see if this is what they are trying to get us to, or if you have to log into that portal. Yeah, it is. Let me just check the hint: file.zip, yeah, find the file in the framework changelog page. Oh, they are telling you the answer, actually.

Okay, let's go to task four, the inspector. Okay, so, okay, so here we have to go to an article that we cannot see, it seems like. So the first two articles are readable, but the third has been blocked with a floating notice above the contents stating that you have to be a premium customer to view the article. These floating boxes blocking the page contents are often referred to as paywalls, as they put up a metaphorical wall in front of the content you wish to see until you pay. Right clicking on the premium notice (paywall), you should be able to select the inspection option from the menu, which opens the developer tools either on the bottom or the right side depending on your browser preferences. You'll now see the elements, HTML, that make up the website, similar to the screenshots below. Yeah, sure. Look at the div element with the class premium custom blocker and click on it.

Okay, so I, I guess they are trying to make us, uh, remove this block restriction from this paywall, um, and if we change it to none instead of block, maybe we'll be able to check that content. So I guess the articles are on the news, um, these first two, yeah, so this third one is the
premium, uh, let me just zoom out. Okay, so this is actually the same, um, article that they are trying to, for us to see, and we should be able to remove, um, this, this paywall with no problem. So they are trying to make you right click and then inspect element, but one thing that you can do as well is Ctrl+Shift+E, or I, Ctrl+Shift+I, sorry, and then, let me just zoom this in, you can click on this, uh, icon here and then click on the actual paywall. So here you can see there's our blocker, so if we go here to the styles we see here block, so let's change this to none, press enter, and there you have... let me just close the inspector. TryHackMe, not so hidden. We got our flag. Let me just write this down, um, TryHackMe, not so hidden, um, yeah, that's correct.

Okay, let's go to task number five, so the debugger. Here you can... debugger is very useful, and let's see what they are telling us about it. On the Acme IT Support website, click on the contact page. Each time the page is loaded you might notice a rapid flash of red on the screen. Let's actually try to check that out. Contact. You did, you start, like a red rectangle here, around here. Okay, let's continue reading. Uh, we are going to use the debugger to work out what this red flash is and if it contains anything interesting. Debugging a red dot wouldn't be something you do in a real world as a penetration tester, but it does allow us to use this feature and get us used to the debugger.

Okay, so let's, uh, once again Ctrl+Shift+I, we have our debugger here, and then what... Okay, in both browsers, on the left hand side you see a list of the resources the current web page is using. If you click into the assets folder you see a file named flash.min.js. Let's see, assets, yeah, flash.min.js. Okay, click on this file, display the contents of the JavaScript file. Yeah, but as you can see here, everything is really pretty and easy to read, and here is like only on one line. What we want to do is to click on these brackets here, done, and now you can read it much easier. Okay, so
let's see what they want us to do now. Um, many times when viewing JavaScript files you notice that everything is in one line. Okay, that's what I just did, click on the brackets so you can see it using the pretty print option, that's what it's called. Okay, so if you scroll down to the bottom of the flash file you see the line flash remove. Let's check that out. Yeah, it is right here, line 108. Uh, so we are supposed to click on that. Now we have a blue thing there, that's our breakpoint, and now if we refresh our page this might stop here and maybe we get the red rectangle there. Yep, there it is, it paused on our breakpoint. Can you see it there? Let me just close the inspector. Yep, here it is, and yeah, thank God we can copy this, I was afraid I was going to have to write it down. Okay, we got our flag.

Let's go to our last task, developer tools, network. The network tab on the developer tools can be used to keep track of every external request a web page makes. If you click on the network tab and then refresh the page, you'll see that all the files... you'll see all the files the page is requesting. Yes, so let's go to our home again, home page, let's open the inspector once again, go to our network and refresh, so you can see all the requests that this page is doing. Yep, so all these requests, and now let's continue to read. Try doing this on the contact page. You can press the trash can icon to delete the list if it gets a bit overpopulated. Okay, so let's go to contact. Oh, we still have our breakpoint here, let's remove it, go to the network, refresh it. Okay, here's our requests. You can press on this trash can if you want to delete all of this and do a refresh again. Oh damn, it's our breakpoint, um, yeah.

Okay, so with the network tab open, try filling the contact form and pressing send message button. You'll notice an event in the network tab, and this is the form being submitted in the background using a method called AJAX. AJAX... now AJAX, sorry, a method called AJAX. AJAX is a method for sending and receiving network
data in a web application background without interfering by changing the current web page. Okay, let's do that. So let me just fill in this form, so my name is my name, my email is email at email.com, my message will be hi, here's my message. Okay, let me just send this message. Okay, we got a, um, a pop-up that says that our message, our message was sent, and then we should have a new entry on our network requests. Here it is, contact message. Examine the new entry on the network tab that the contact form created and view the page the data was sent to in order to reveal the flag. So we should have a new page to, to, to check out, and here it is, I'm gonna zoom in so you can see. So if you click here on the contact message we have a POST request, and we can check out this page, and this will get us to... whoops, what did I just do? I just want to copy this. What the heck is happening? I don't want to go... oh man. Contact message. Okay, this is so boring, let me do it manually. Yep, here's our flag, AJAX flag. Let me just copy this. Can I copy this without getting that much information that I don't want? Yes I can, and that's it, you got it. Let's see if we got any tickets, I'll check that after.

So we just finished the room. Let's, let me just check what hint they are giving us: when you find the contact message request, make sure you click on it to review the response of the request, there might be a response type shown when you click it. Yeah, we just did it. So yeah, this room was really fun, it really was, uh, it was much more practical than the ones we did before, and yeah, I really liked it. Let me just terminate the machine, so, because we are not using it anymore, and if I refresh here on my learning path you'll see that, yeah, it is actually done.

So on the next video we are going to do this Content Discovery room, um, and the main objective here will be to learn the various ways of discovering hidden or private content on a web server that could lead to new vulnerabilities. That should be fun. Um, and yeah, I hope
you guys enjoyed this walkthrough. I really enjoyed this room, it was really fun, and if you liked it make sure you leave a like, if you didn't, click the dislike button twice so I know you didn't like it that much, and I'll see you in the next one. Bye!
Info
Channel: David Alves Web
Views: 18,955
Id: KAeUyZqHDQk
Length: 22min 52sec (1372 seconds)
Published: Sat Oct 30 2021