
  • TryhackMe OWASP Top 10 Sensitive Data Exposure





    The platform develops virtual classrooms that not only allow users to deploy training environments with the click of a button, but also reinforce learning through a question-and-answer approach. It's a comfortable way to learn, using pre-designed courses that include virtual machines (VMs) hosted in the cloud.

    TryhackMe OWASP Top 10 Sensitive Data Exposure  walkthrough


    While the question-and-answer model does make learning easier, TryHackMe also allows users to create their own virtual classrooms to teach particular topics, enabling them to become teachers. This not only provides other users with rich and varied content, but also helps creators reinforce their understanding of fundamental concepts.












    When a webapp accidentally divulges sensitive data, we refer to it as "Sensitive Data Exposure". This is often data directly linked to customers (e.g. names, dates-of-birth, financial information, etc), but could also be more technical information, such as usernames and passwords. At more complex levels this often involves techniques such as a "Man in The Middle Attack", whereby the attacker would force user connections through a device which they control, then take advantage of weak encryption on any transmitted data to gain access to the intercepted information (if the data is even encrypted in the first place...). Of course, many examples are much simpler, and vulnerabilities can be found in web apps which can be exploited without any advanced networking knowledge. Indeed, in some cases, the sensitive data can be found directly on the webserver itself...



    The web application in this box contains one such vulnerability. Deploy the machine, then read through the supporting material in the following tasks as the box boots up.



    Sometimes backups are left on the server by careless developers, and sometimes these backups contain sensitive information such as credentials that can lead to the compromise of the server. Let's take a look at the server's webpage below.






    Go to the login page http://<IP address>/login and then view the page source.






    #1 What is the name of the mentioned directory?

    Ans :- /assets



    Navigating to /assets, we find a database file called webapp.db.









    #2 Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?



    Ans :- webapp.db



    I downloaded the database file to my system. Let's open the database and see what it contains using the command:


    sqlite3 webapp.db






    And we see the database has two tables: sessions and users.






    So here we have found a table named users, and we will read it with an SQL query.







    #3 Use the supporting material to access the sensitive data. What is the password hash of the admin user?


    Ans :- 6eea9b7ef19179a06954edd0f6c05ceb



    Now we will crack this hash, but before doing so we need to know what format the hash is in (MD5, SHA256, bcrypt, etc.).


    Type the following command to identify the hash format:






    Hash Format :- MD5


    Now we will crack this hash and recover the password.



    #4 Crack the hash.
    What is the admin's plaintext password?






    Ans :- qwertyuiop
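    The whole chain above (open the leaked database, list its tables, read the users table, guess the hash format, and run the hash against a wordlist) as one added Python example. This is not code from the walkthrough or from TryHackMe: the SQLite schema, the non-admin row and the mini wordlist are constructed here as stand-ins for webapp.db and rockyou.txt; only the admin hash is the value quoted above.

```python
import hashlib
import sqlite3
from typing import Optional

ADMIN_HASH = "6eea9b7ef19179a06954edd0f6c05ceb"  # value found in the walkthrough

# Constructed stand-in for webapp.db: the two table names match the
# walkthrough; column names are an assumption, and the non-admin row is made up.
def build_sample_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE sessions (id TEXT, userID TEXT);
        CREATE TABLE users (userID TEXT, username TEXT, password TEXT, admin INTEGER);
    """)
    other = hashlib.md5(b"not-in-any-small-wordlist-7f3a").hexdigest()
    con.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                    [("1", "admin", ADMIN_HASH, 1), ("2", "bob", other, 0)])
    return con

def list_tables(con: sqlite3.Connection) -> list:
    """Equivalent of the sqlite3 shell's .tables command."""
    rows = con.execute("SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
    return [r[0] for r in rows]

def dump_users(con: sqlite3.Connection) -> list:
    """The SELECT the walkthrough runs against the users table."""
    return con.execute("SELECT username, password FROM users").fetchall()

def guess_hash_type(h: str) -> str:
    """Cheap format guess by prefix and length, as hash-identifier tools do."""
    if h.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if all(c in "0123456789abcdef" for c in h.lower()):
        return {32: "MD5", 40: "SHA1", 64: "SHA256"}.get(len(h), "unknown")
    return "unknown"

def dictionary_check(h: str, wordlist: list) -> Optional[str]:
    """Unsalted MD5 is a fixed function of the password, so one pass over a
    wordlist suffices; this is why storing plain MD5 is itself an exposure."""
    for word in wordlist:
        if hashlib.md5(word.encode()).hexdigest() == h.lower():
            return word
    return None

def audit(con: sqlite3.Connection, wordlist: list) -> dict:
    """Map each MD5-hashed username to its recovered password (None if not in wordlist)."""
    return {u: dictionary_check(p, wordlist) for u, p in dump_users(con)
            if guess_hash_type(p) == "MD5"}
```

    Running audit(build_sample_db(), ["password", "123456", "qwertyuiop"]) recovers the admin password and returns None for the made-up user, which is the defender's takeaway: the leaked file plus unsalted MD5 is enough for anyone with a wordlist.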




    #5 Login as the admin. What is the flag?


    username :- admin ( go to question #3 )
    password :- qwertyuiop



    Ans Flag :- In video





    Video Tutorial :-  





    Disclaimer



    This was written for educational purposes and pentesting only.
    The author will not be responsible for any damage!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal!


    All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in are only for those who are interested in learning about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking Truth is against misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)





