DEFEND-THE-WEB INTRO 1–7 CHALLENGES
Challenges
Intro 1:

Just by looking over the page source, we could find the credentials for the exercise.

We have the credentials, and we also have the CSRF token. It is a static CSRF token, so we can use it to plan a CSRF attack against this login page.


Intro 2

As before, we need to find the credentials on the website using recon. This time they were found in the page source again, but in a different way.

Logging in with the credentials, we could bypass the auth mechanism.

Intro 4
There is no Intro 3 on the platform, so we move on to Intro 4.
As before, we need to find the credentials for the login. We got something interesting in the page source.

Let's see what we have at this location:
../../extras/playground/9d2K4Fw.json

Again, we got the credentials from a file whose location was available in the page source.

Intro 5
This one is somewhat interesting: we directly get a popup asking for the password and nothing else.

Let's see what we have in the page source and JS.

Got the password and solved the lab!!
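
The recurring finding in Intro 1 through Intro 5 is that anything shipped in the page source, in a file the page points to, or in client-side JS is readable by every visitor. As an added example (not part of the original write-up or the platform's code), this Python audit flags those leak patterns in your own pages before deployment; the patterns, the `audit` helper and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed indicator patterns (heuristics); tune them for your own application.
CRED_WORDS = re.compile(r"pass(word|wd)?|user(name)?|login|cred", re.I)
JS_LITERAL_CMP = re.compile(r"""[=!]==?\s*(["'])((?:(?!\1).)+)\1""")
DATA_FILE = re.compile(r"[\w./-]+\.(?:json|txt|bak|xml)\b", re.I)

class LeakAuditor(HTMLParser):
    """Records (kind, evidence) for credential hints visible to any visitor."""
    def __init__(self):
        super().__init__()
        self.findings, self._script = [], None

    def handle_comment(self, data):
        if CRED_WORDS.search(data):  # credentials left in an HTML comment
            self.findings.append(("comment", data.strip()))

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script = []  # start buffering inline JS
        for _name, value in attrs:  # file locations exposed in attributes
            for m in DATA_FILE.finditer(value or ""):
                self.findings.append(("data-file", m.group()))

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag != "script" or self._script is None:
            return
        js, self._script = "".join(self._script), None
        for m in JS_LITERAL_CMP.finditer(js):  # password compared in client-side JS
            self.findings.append(("js-literal", m.group(2)))
        for m in DATA_FILE.finditer(js):
            self.findings.append(("data-file", m.group()))

def audit(html):
    auditor = LeakAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page (not the challenge's real markup or values).
SAMPLE = """<!-- username: demo_user password: demo_pass -->
<input type="hidden" name="data_file" value="../extras/creds-PLACEHOLDER.json">
<script>if (prompt("Password?") == "demo_js_pass") { location = "/ok"; }</script>"""
print(*audit(SAMPLE), sep="\n")
```

Every hit is something to move server-side: compare passwords on the server and keep credential files outside the web root.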

Intro 6

We need to log in as snipergod, but that username is not in the drop-down menu.
It looks like we need to edit the drop-down menu with Developer Tools and then
log in to the system.

Edited the JTAM value to snipergod and logged in to the system.
Completed Intro 6.

Intro 7

The question itself hints at the robots.txt file, which can be crawled by
search engines.
Using a password from robots.txt (we obtained the credentials earlier), we logged in to the system.


For more updates and blogs!! Stay Tuned..
Happy Hacking!!