I'm actually planning to sit the Tokumaru exam around next month, so partly as study for that I'm working through this Room:
https://tryhackme.com/room/owasptop10
It isn't that difficult, but it is very long, so my plan is to split it into roughly three parts and, for the tasks that are finished just by reading, to attach only a short summary.
- Task 1 Introduction
- Task 2 Accessing machines
- Task 3 [Severity 1] Injection
- Task 4 [Severity 1] OS Command Injection
- Task 5 [Severity 1] Command Injection Practical
  - What strange text file is in the website root directory?
  - How many non-root/non-service/non-daemon users are there?
  - What user is this app running as?
  - What is the user's shell set as?
  - What version of Ubuntu is running?
  - Print out the MOTD. What favorite beverage is shown?
- Task 6 [Severity 2] Broken Authentication
- Task 7 [Severity 2] Broken Authentication Practical
  - What is the flag that you found in darren's account?
  - Now try to do the same trick and see if you can login as arthur.
  - What is the flag that you found in arthur's account?
- Task 8 [Severity 3] Sensitive Data Exposure (Introduction)
- Task 9 [Severity 3] Sensitive Data Exposure (Supporting Material 1)
- Task 10 [Severity 3] Sensitive Data Exposure (Supporting Material 2)
- Task 11 [Severity 3] Sensitive Data Exposure (Challenge)
  - What is the name of the mentioned directory?
  - Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?
  - Use the supporting material to access the sensitive data. What is the password hash of the admin user?
  - Crack the hash. What is the admin's plaintext password?
  - Login as the admin. What is the flag?