Introduction to Web Hacking
Table of contents
- Introduction to Web Hacking
- Walking An Application
- Content Discovery
- Task1 What Is Content Discovery?
- Task2 Manual Discovery - Robots.txt
- Task3 Manual Discovery - Favicon
- Task4 Manual Discovery - Sitemap.xml
- Task5 Manual Discovery - HTTP Headers
- Task6 Manual Discovery - Framework Stack
- Task7 OSINT - Google Hacking / Dorking
- Task8 OSINT - Wappalyzer
- Task9 OSINT - Wayback Machine
- Task10 OSINT - GitHub
- Task11 OSINT - S3 Buckets
- Task12 Automated Discovery
- SQL Injection
Walking An Application
Task1 Walking An Application
I confirm that I have deployed the virtual machine and opened the website.
Task2 Exploring The Website
Read the above.
Task3 Viewing The Page Source
1. What is the flag from the HTML comment?
THM{HTML_COMMENTS_ARE_DANGEROUS}
Visit http://IP/new-home-beta
2. What is the flag from the secret link?
THM{NOT_A_SECRET_ANYMORE}
Visit http://IP/secret-page
3. What is the directory listing flag?
THM{INVALID_DIRECTORY_PERMISSIONS}
4. What is the framework flag?
THM{KEEP_YOUR_SOFTWARE_UPDATED}
Visit http://IP/tmp.zip
Task4 Developer Tools - Inspector
What is the flag behind the paywall?
THM{NOT_SO_HIDDEN}
Task5 Developer Tools - Debugger
What is the flag in the red box?
THM{CATCH_ME_IF_YOU_CAN}
Task6 Developer Tools - Network
What is the flag shown on the contact-msg network request?
THM{GOT_AJAX_FLAG}
Content Discovery
Task1 What Is Content Discovery?
1. What is the Content Discovery method that begins with M?
Manually
2. What is the Content Discovery method that begins with A?
Automated
3. What is the Content Discovery method that begins with O?
OSINT
Task2 Manual Discovery - Robots.txt
What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers?
Task3 Manual Discovery - Favicon
What framework did the favicon belong to?
cgiirc
Task4 Manual Discovery - Sitemap.xml
What is the path of the secret area that can be found in the sitemap.xml file?
/s3cr3t-area
Task5 Manual Discovery - HTTP Headers
What is the flag value from the X-FLAG header?
THM{HEADER_FLAG}
Task6 Manual Discovery - Framework Stack
What is the flag from the framework’s administration portal?
THM{CHANGE_DEFAULT_CREDENTIALS}
Task7 OSINT - Google Hacking / Dorking
What Google dork operator can be used to only show results from a particular site?
site:
Task8 OSINT - Wappalyzer
What online tool can be used to identify what technologies a website is running?
wappalyzer
Task9 OSINT - Wayback Machine
What is the website address for the Wayback Machine?
Task10 OSINT - GitHub
What is Git?
version control system
Task11 OSINT - S3 Buckets
What URL format do Amazon S3 buckets end in?
.s3.amazonaws.com
Task12 Automated Discovery
1. What is the name of the directory beginning “/mo…” that was discovered?
/monthly
2. What is the name of the log file that was discovered?
/development.log
SQL Injection
Task1 Brief
What does SQL stand for?
Structured Query Language
SQL (Structured Query Language)
Task2 What is a Database?
1. What is the acronym for the software that controls a database?
DBMS
DBMS (Database Management System)
2. What is the name of the grid-like structure which holds the data?
table
Task3 What is SQL?
1. What SQL statement is used to retrieve data?
select
2. What SQL clause can be used to retrieve data from multiple tables?
union
3. What SQL statement is used to add data?
insert
Task4 What is SQL Injection?
What character signifies the end of an SQL query?
;
Task5 In-Band SQLi
What is the flag after completing level 1?
THM{SQL_INJECTION_3840}
Task6 Blind SQLi - Authentication Bypass
What is the flag after completing level two? (and moving to level 3)
THM{SQL_INJECTION_9581}
Task7 Blind SQLi - Boolean Based
What is the flag after completing level three?
THM{SQL_INJECTION_1093}
The password is 3845
Task8 Blind SQLi - Time Based
What is the final flag after completing level four?
THM{SQL_INJECTION_MASTER}
The password is 4961
Task9 Out-of-Band SQLi
Name a protocol beginning with D that can be used to exfiltrate data from a database.
DNS
Task10 Remediation
Name a method of protecting yourself from an SQL Injection exploit.
Prepared Statements