Introduction to Web Hacking

Table of Contents

  • Introduction to Web Hacking
    • Walking An Application
      • Task1 Walking An Application
      • Task2 Exploring The Website
      • Task3 Viewing The Page Source
      • Task4 Developer Tools - Inspector
      • Task5 Developer Tools - Debugger
      • Task6 Developer Tools - Network
    • Content Discovery
      • Task1 What Is Content Discovery?
      • Task2 Manual Discovery - Robots.txt
      • Task3 Manual Discovery - Favicon
      • Task4 Manual Discovery - Sitemap.xml
      • Task5 Manual Discovery - HTTP Headers
      • Task6 Manual Discovery - Framework Stack
      • Task7 OSINT - Google Hacking / Dorking
      • Task8 OSINT - Wappalyzer
      • Task9 OSINT - Wayback Machine
      • Task10 OSINT - GitHub
      • Task11 OSINT - S3 Buckets
      • Task12 Automated Discovery
    • SQL Injection
      • Task1 Brief
      • Task2 What is a Database?
      • Task3 What is SQL?
      • Task4 What is SQL Injection?
      • Task5 In-Band SQLi
      • Task6 Blind SQLi - Authentication Bypass
      • Task7 Blind SQLi - Boolean Based
      • Task8 Blind SQLi - Time Based
      • Task9 Out-of-Band SQLi
      • Task10 Remediation

Walking An Application

Task1 Walking An Application

I confirm that I have deployed the virtual machine and opened the website.

Task2 Exploring The Website

Read the above.

Task3 Viewing The Page Source

1. What is the flag from the HTML comment?

THM{HTML_COMMENTS_ARE_DANGEROUS}

Visit HTTP://IP/new-home-beta

2. What is the flag from the secret link?

THM{NOT_A_SECRET_ANYMORE}

Visit HTTP://IP/secret-page

3. What is the directory listing flag?

THM{INVALID_DIRECTORY_PERMISSIONS}

4. What is the framework flag?

THM{KEEP_YOUR_SOFTWARE_UPDATED}

Visit http://IP/tmp.zip

Task4 Developer Tools - Inspector

What is the flag behind the paywall?

THM{NOT_SO_HIDDEN}

Task5 Developer Tools - Debugger

What is the flag in the red box?

THM{CATCH_ME_IF_YOU_CAN}

Task6 Developer Tools - Network

What is the flag shown on the contact-msg network request?

THM{GOT_AJAX_FLAG}

Content Discovery

Task1 What Is Content Discovery?

1. What is the Content Discovery method that begins with M?

Manually

2. What is the Content Discovery method that begins with A?

Automated

3. What is the Content Discovery method that begins with O?

OSINT

Task2 Manual Discovery - Robots.txt

What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers?

Task3 Manual Discovery - Favicon

What framework did the favicon belong to?

cgiirc

OWASP favicon database - OWASP

Task4 Manual Discovery - Sitemap.xml

What is the path of the secret area that can be found in the sitemap.xml file?

/s3cr3t-area

Task5 Manual Discovery - HTTP Headers

What is the flag value from the X-FLAG header?

THM{HEADER_FLAG}

Task6 Manual Discovery - Framework Stack

What is the flag from the framework’s administration portal?

THM{CHANGE_DEFAULT_CREDENTIALS}

Task7 OSINT - Google Hacking / Dorking

What Google dork operator can be used to only show results from a particular site?

site:

Task8 OSINT - Wappalyzer

What online tool can be used to identify what technologies a website is running?

wappalyzer

Task9 OSINT - Wayback Machine

What is the website address for the Wayback Machine?

archive.org

Task10 OSINT - GitHub

What is Git?

version control system

Task11 OSINT - S3 Buckets

What URL format do Amazon S3 buckets end in?

.s3.amazonaws.com

Task12 Automated Discovery

1. What is the name of the directory beginning “/mo…” that was discovered?

/monthly

2. What is the name of the log file that was discovered?

/development.log

SQL Injection

Task1 Brief

What does SQL stand for?

Structured Query Language

SQL (Structured Query Language)

Task2 What is a Database?

1. What is the acronym for the software that controls a database?

DBMS

DBMS (Database Management System)

2. What is the name of the grid-like structure which holds the data?

table

Task3 What is SQL?

1. What SQL statement is used to retrieve data?

select

2. What SQL clause can be used to retrieve data from multiple tables?

union

3. What SQL statement is used to add data?

insert

Task4 What is SQL Injection?

What character signifies the end of an SQL query?

;

Task5 In-Band SQLi

What is the flag after completing level 1?

THM{SQL_INJECTION_3840}

Task6 Blind SQLi - Authentication Bypass

What is the flag after completing level two? (and moving to level 3)

THM{SQL_INJECTION_9581}

Task7 Blind SQLi - Boolean Based

What is the flag after completing level three?

THM{SQL_INJECTION_1093}

The password is 3845.

Task8 Blind SQLi - Time Based

What is the final flag after completing level four?

THM{SQL_INJECTION_MASTER}

The password is 4961.

Task9 Out-of-Band SQLi

Name a protocol beginning with D that can be used to exfiltrate data from a database.

DNS

Task10 Remediation

Name a method of protecting yourself from an SQL Injection exploit.

Prepared Statements
