Walking an Application -TryHackme
Welcome back amazing fellow hackers in this blog you are gonna see how to walk through websites manually for security issues in websites by inbuilt tools in the browser.
We are gonna see a list of inbuilt tools that we are gonna walk through on browsers which are :
- View Source
- Inspector
- Degguber
- Network
Let us explore the website, as the role of pentester is to make reviewing websites to find vulnerabilities to exploit and gain access to it.
Page source is a code used to view to our browser when request made by the server.
What is the flag from the HTML comment?
Ans : THM{HTML_COMMENTS_ARE_DANGEROUS}
I viewed some hints in the web app page source any clue then I checked the comment in the page source.
I navigated target-IP/new-home-beta through the page source I got this flag.
What is the flag from the secret link?
Ans: THM{NOT_A_SECRET_ANYMORE}
I started looking in page source whether any secret link then I got the link /secret-page . I navigated and got the flag.
What is the directory listing flag?
Ans: THM{INVALID_DIRECTORY_PERMISSIONS}
I use dirbuster to find any directory finally assets directory found out after
navigated I got this flag.
What is the framework flag?
Ans: THM{KEEP_YOUR_SOFTWARE_UPDATED}
I navigated into the framework page and downloaded and tmp.zip I arrived with a flag.
What is the flag behind the paywall?
Ans: THM{NOT_SO_HIDDEN}
In the news section, third news is meant for premium users to unlock this bypass method used here is entered into the inspect element premium-customer-blocker display in the block we have to change into none then the content gets visible for free users.
What is the flag in the red box?
Ans: THM{CATCH_ME_IF_YOU_CAN}
What is the flag shown on the contact-msg network request?
Ans: THM{GOT_AJAX_FLAG}
