TryHackMe: OWASP TOP 10
1: Injection
Hola gente 👋!! Naman this side. Hope you all are doing great :)
So this blog is all about the OWASP TOP 10 room of TryHackMe. This is a kind of walk-through blog, and I'll be continuing it as a series ^^
NOTE: I'll not be explaining the whole OWASP TOP 10; instead I'll be giving hints for the questions that need an answer (no hint where no answer is required) and also providing the answers at the end. But first try to solve them from the hints.
I'll also try to avoid grammar mistakes and typos. So without further ado, let's exploit!!
Start the machine & access the web content (http://<ip>/evilshell.php/)
You will get something like this ☝️
So, coming to the questions:
Q1) What strange text file is in the website root directory?
ls
Q2) How many non-root/non-service/non-daemon users are there?
cat /etc/passwd
Q3) What user is this app running as?
whoami
Q4) What is the user’s shell set as?
cat /etc/passwd
Q5) What version of Ubuntu is running?
cat /etc/os-release
Q6) Print out the MOTD. What favourite beverage is shown?
cat /etc/update-motd.d/00-header
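Every hint above is an OS command sent through the injection point in a web request, so the same activity is visible to a defender in the web server's access log. As an added example (not part of the original post), here is a small Python detector that scans constructed Apache-style access-log lines for requests carrying those commands; the parameter name `commandString` and the log lines themselves are assumptions, not taken from the room.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log format (not real traffic).
# The "commandString" parameter name is an assumption about the vulnerable page.
SAMPLE_LOG = """\
10.10.1.5 - - [01/Jan/2024:10:00:01 +0000] "GET /evilshell.php?commandString=ls HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.10.1.5 - - [01/Jan/2024:10:00:07 +0000] "GET /evilshell.php?commandString=cat%20/etc/passwd HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.10.1.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=home HTTP/1.1" 200 300 "-" "Mozilla/5.0"
10.10.1.5 - - [01/Jan/2024:10:00:12 +0000] "GET /evilshell.php?commandString=whoami HTTP/1.1" 200 64 "-" "curl/7.68.0"
10.10.1.5 - - [01/Jan/2024:10:00:20 +0000] "GET /evilshell.php?commandString=cat%20/etc/update-motd.d/00-header HTTP/1.1" 200 400 "-" "curl/7.68.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Enumeration commands the walkthrough runs, plus a couple of common ones,
# and the sensitive files those commands read. This is a simple heuristic,
# not a complete command-injection signature set.
SUSPICIOUS_CMDS = {"ls", "cat", "whoami", "id", "uname"}
SENSITIVE_PATHS = ("/etc/passwd", "/etc/shadow", "/etc/os-release", "/etc/update-motd.d")


def flag_injection(line):
    """Return a finding dict if any query parameter looks like an injected OS command, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values for us
    for name, values in params.items():
        for value in values:
            tokens = value.split()
            first_word = tokens[0] if tokens else ""
            if first_word in SUSPICIOUS_CMDS or any(p in value for p in SENSITIVE_PATHS):
                return {"ip": m.group("ip"), "ts": m.group("ts"), "path": parts.path,
                        "param": name, "command": value}
    return None


def scan(log_text):
    """Scan a whole log and return the list of findings in log order."""
    return [f for f in (flag_injection(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['ip']} {finding['path']} {finding['param']}={finding['command']!r}")
```

Run against real logs, each finding is a request that should never reach a shell; the fix belongs in the application (never passing request input to `shell_exec` or similar), with the detector as the compensating control.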
So I hope you tried it by yourself. If not, then what are you waiting for? And if yes, then congrats.
And for those who are stuck or simply wanna copy & paste, here you go ;p
A1. drpepper.txt
A2. 0
A3. www-data
A4. /usr/sbin/nologin
A5. 18.04.4
A6. DR PEPPER
So that's all for this blog. See you in PART 2!