Web Applications Hacking

Question 7 HR Incident Response In this challenge, we are given a website with CSV upload capability and are asked to somehow gather information from the contents of the file: C:\candidate_evaluation.

Question 6: Badge Manipulation The objective for this challenge is simple – we need to bypass the authentication mechanism. The way the authentication works is the machine “Scanomatic” scan a QR code on an employee badge and grants access depending if the QR code matches a proper record in the back-end database.

Holly Evergreen: CURLing Master We know that the candy striper machine can be turned on by sending a request to port 8080 on localhost (127.0.0.1). But we do not know what request to send.

Tangle Coalbox: Lethal ForensicELFication The poem that introduces the challenge talks about certain “text editors” leaving behind clues. Vim immediately comes to mind. We know that Vim logs information about deletions and searchers into a file called .

The vulnerability lies in how web pages are invoked on a web server. If an absolute path or direct referencing is used then it is possible to invoke pages on the server that a hacker has no business seeing.

When you log on to a web server, a session is created which is identified by a session ID. The session identifier can be a cookie. This cookie holds the session ID so that one can log in once for each session (From there on, the session is then passed on to various web pages one browses on that server).

IronGeek hosts a lot of good videos about testing web applications with Burp Suite. I tested these attacks out myself. Attacked Server: Mutillidae Test Page: Main Login Form Test Parameter: Username

As a web application penetration tester, when you find directory browsing enabled on a web server, you include it in your report, but you know subsequent exploitation might be a long shot depending on what information is actually exposed.

This post is meant to elucidate web application brute forcing by providing a practical demo. Read up on Authentication Brute Force here. OWASP testing guide is your friend in Web Application Hacking.

Read up on command injection here. OWASP testing guide is your best friend while learning web applications hacking or penetration testing. I tested the attack on two different vulnerable applications, one of which is Mutillidae.