CySCA 2014 Web Penetration Testing Write-up

Hellow Peeps !!!

Today I bring some interesting hacking challenge walkthrough. Let's see what it is,

CySCA2014 Web Penetration Testing Write-up


We need to first setup the cysca2014 box in VM. When the VM configuring we can check connectivity is their using ping commands.

Web Penetration Testing 1 – Club Status




Turn on the intercept in the burp suit and go to the web site using cysca2014 IP address. Then you can see the GET request. There are two cookies called PHPSESSID and VIP. Then we have to edit the VIP cookie value from 0 to 1 and forward the request.



Then we need to forward this packet in burp suite. Then we can get a website.




Index.php


Now we cannot access the blog.



Now we need to change VIP 0 to 1 then we can access the blog.  





Now we can access Blog.


Web Penetration Testing 2 – Om nom nom nom


After completing challenge 1, you can browse on the Blog page. There is a user called Sycamore. Then go to the blog of Sycamore and there is a comment box. We can put comments on it. Then we have to find the vulnerabilities of this comment box.


Type [<script>alert(“test”)</script>](test) in the comment box and submit it. You can see the alert message.


That’s it. We found the XSS vulnerability. The next step is to steal the PHPSESSID cookie of Sycamore. To do that, we have to host a server. We can create a file name .j containing some JavaScript to steal the user cookie. We can use pythons SimpleHTTPServer to host it on port 80.


Now we can create an XSS payload for the comment field. It looks like this.


Add this comment to the blog page and wait some time. After a small time, we can see the entries in the python server like this.


From that, we can get the cookie value of Sycamore. By loading the page with the cookie value we got from the server, the flag is revealed.


Web Penetration Testing 3 – Nonce-sense


After looking around the site while logged in as Sycamore, we notice that users can delete comments. The CSRF token prevents automated tools from testing payloads. Burp has a feature for this using macros.

We need to setup burp with a new session handling rule, record a macro and use it to generate new CSRF tokens for requests.





We need to add a custom parameter for CSRF tokens.


We need to ensure that what parameter we want to macro to update.





We need to define the scope of the session.


Then go to the Repeater and press the Go button. When you press the Go button, you can get the different CSRF tokens.


You can test some SQL injection here by adding ', after the comment_id=. So, we can notice that there is SQL injection vulnerability.


Get the request to a file and name it as “deletecomment_file”.


Now we have to do the rest using the sqlmap tool.




We can see the 5 tables in the cysca database. We use the “flag” table.




Finally, we can reveal the flag.



Comments

  1. networkguideNovember 24, 2022 at 2:50 PM

    Nice post! This is a very nice blog that I will definitively come back to more times this year! Thanks for informative post.External Penetration Testing

    ReplyDelete
  2. Technical SEONovember 27, 2023 at 7:24 PM

    It’s really a great post with lots of blog commenting sites. It’s very important for getting traffic and really thanks for sharing all.
    Digital Era

    ReplyDelete
  3. MBA educationNovember 28, 2023 at 12:14 AM

    This hacker
    blog sites was amazing and wonderful . its is such a very informative blog suite. I am glad to this informative and blog suits. Thanks for this information.

    ReplyDelete
  4. digital era fmNovember 28, 2023 at 2:28 AM

    As an enigmatic digital realm, HACKERV!LLE thrives as a forum for tech aficionados. Its vibrant community shares insights on cybersecurity, hacking, and cutting-edge technologies. With a mix of tutorials and discussions, it's a dynamic space nurturing learning and collaboration, making it a haven for tech enthusiasts to explore and expand their knowledge.Digital Era





    ReplyDelete
  5. abrishNovember 30, 2023 at 10:45 AM

    Using social media platforms (e.g., Facebook, Instagram, Twitter, LinkedIn) to promote products or services, connect with the audience, and build brand awareness.social media marketing Social media marketing involves both organic (unpaid) and paid strategies.

    ReplyDelete

Post a Comment

Popular posts from this blog

Phishing

Image
Phishing on Course web at SLIIT What Is Phishing?                   Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details , often for malicious reasons, by disgusting as a trustworthy entity in electronic communication. What is spear phishing attack ?                   S pear phishing  is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. Introduction ?         First you need know some details about how it will be work. Phishing attack can be done creating web pages like original web sites. Attacker create similar site like original one and host that site in the server and send that link to the target person or group. If they trust that link and enter their information to that fake webpage. In that page store what they ente
Read more

Double Submit Cookies Patterns

Image
Cross-Site Request Forgery (CSRF)  Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized transaction has been committed. Impacts of successful CSRF exploits vary greatly based on the privileges of each victim. When targeting a normal user, a successful CSRF attack can compromise end-user data and their associated functions. If the targeted end user is an
Read more