OWASP Top 10 - 2021 Tryhackme Walkthrough

  • Published on 15 Sep 2024
  • Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.
    tryhackme.com/...
    Broken Access Control
    Cryptographic Failures
    Injection
    Insecure Design
    Security Misconfiguration
    Vulnerable and Outdated Components
    Identification and Authentication Failures
    Software and Data Integrity Failures
    Security Logging & Monitoring Failures
    Server-Side Request Forgery (SSRF)
    The room has been designed for beginners and assumes no previous security knowledge.
    tryhackme.com/...
    FOR ADMIN AREA FLAG: • OWASP Top 10 - 2021 Tr...
    #tryhackme #owasp #owasptop10

Comments • 45

  • @djalilayed
    @djalilayed 1 year ago +3

    Please subscribe to get the latest videos www.youtube.com/@djalilayed

  • @GhirkoArt
    @GhirkoArt 10 months ago +3

    I came here because I couldn't figure out why I only had .txt files for the exploit section. Thought I was doing something stupid so it was a relief to see it wasn't just me. Thanks for the help! =D

    • @djalilayed
      @djalilayed 10 months ago

      You are welcome.

  • @marsonb5208
    @marsonb5208 8 months ago +2

    I truly appreciate your video, sir. Other videos that I watched go straight to the answer without showing how it's done. Others have too many complicated scripts that are too hard for a noob like me, lol. But yours is pretty straightforward. Please make more THM walkthrough videos. Thanks very much! 🙏

    • @djalilayed
      @djalilayed 8 months ago +1

      Thanks, appreciate it. Yes, I will do more videos as the rooms get released.

  • @alechernandez5506
    @alechernandez5506 3 months ago

    I wish these rooms were more beginner friendly. I don't like having to research the answers, but I love your instruction. Thank you.

    • @djalilayed
      @djalilayed 3 months ago

      Glad it was helpful! Rooms differ, some easy, others hard. Walkthrough rooms are sometimes made like CTF, which can be a bit hard, but they are good that way so you can learn and get prepared for CTF rooms.

  • @jessen00001
    @jessen00001 1 year ago +5

    Good morning Djalil
    Thanks for all the great content. Keeping us safe ⛑️

  • @jamierowland9048
    @jamierowland9048 1 year ago +3

    I am a newbie to this - this video has been extremely helpful! Thank you

    • @djalilayed
      @djalilayed 1 year ago

      Thank you, glad it helped. Please like the video and subscribe to support the channel.

  • @user-gg8sj2ck3o
    @user-gg8sj2ck3o 11 months ago +1

    thanks broo, this is like learning with friends :), next I hope you can do another Web Hacking Fundamentals room like Burp Suite: The Basics, or do any other modules than Web Hacking Fundamentals like nmap, wireshark etc. Again thank you broo!!

  • @shaunabreo8469
    @shaunabreo8469 1 month ago +2

    hey thanks for helping man

  • @GUEDIARREH
    @GUEDIARREH 7 months ago +1

    thanks for that explanation sir but sometime the screen re-code bight

    • @djalilayed
      @djalilayed 7 months ago

      Noted, thanks

  • @fernandoortiz1849
    @fernandoortiz1849 1 year ago +1

    Another question: at 21:11 we typed cat /opt/flag.txt. I get that we do this to read the content of the txt file, but since we did ls (and I even did ls -la) and no txt file is displayed in the list, how come that cat command works if there is no txt file there, or at least not at plain sight? Thanks for answering me and for the walkthrough.

    • @djalilayed
      @djalilayed 1 year ago +1

      Hi, I did the task again. What I noticed is that the shell given by the Python script for some reason does not execute the cd command; you can notice in the video that after doing cd and then ls you see the same listing, so the directory did not change, see below:
      RCE $ pwd
      /htdocs/bootstrap/img
      RCE $ cd /opt
      RCE $ pwd
      /htdocs/bootstrap/img
      RCE $ ls /opt
      flag.txt
      RCE $
      so cd does not change the directory (this is more related to the Python script shell, I think, than to Linux) and ls /opt will show you the listing and the flag.

  • @fernandoortiz1849
    @fernandoortiz1849 1 year ago +1

    At minute 9:43 you used $(cat /etc/passwd) to check how many non-root users there are. How did you know that? Previous Linux experience? Or how would a newbie like me know how to check this? Thanks in advance!

    • @djalilayed
      @djalilayed 1 year ago +1

      Hi, here some Linux knowledge is required: all Linux systems will have all their users in the /etc/passwd file. For someone new to security, that is why it is good to learn the fundamentals like Linux, networking and programming, as those will help you a lot later on. You can check the Linux rooms on TryHackMe or books like www.amazon.com/Linux-Basics-Hackers-Networking-Scripting/dp/1593278551 (do research on other books too).

    • @fernandoortiz1849
      @fernandoortiz1849 1 year ago +1

      @@djalilayed I'm actually following the TryHackMe paths, so perhaps I missed this in the Linux Fundamentals rooms. Thanks a lot, I'll check them again!

  • @mumofelix
    @mumofelix 6 months ago

    This is a great video tutorial.

    • @djalilayed
      @djalilayed 6 months ago

      Glad it was helpful!

  • @rohanrana2406
    @rohanrana2406 1 year ago +1

    What would be the solution to the last question, called 'Going the Extra Mile', in the SSRF objective?

    • @djalilayed
      @djalilayed 1 year ago +2

      Hi, I made a video for it: th-cam.com/video/Yc4jzWb_h4Q/w-d-xo.html

  • @silviocyrus
    @silviocyrus 11 months ago

    Thank you very much man

    • @djalilayed
      @djalilayed 11 months ago

      You're welcome!

  • @capivaradeprograma
    @capivaradeprograma 1 year ago

    Thank you Very much 😃

    • @djalilayed
      @djalilayed 1 year ago

      You're welcome 😊

  • @davidmacon1138
    @davidmacon1138 1 year ago

    Stupid question... How do you copy the contents of the session like you did in task 20, but on Firefox? No shortcut, no copy/pasting, no help other than looking and typing it out character by character. Please and thank you.

    • @djalilayed
      @djalilayed 1 year ago +1

      Hi, I just use Ctrl+C to copy and Ctrl+V to paste when I copy from the AttackBox to my machine. Is this what you are looking for?

    • @davidmacon1138
      @davidmacon1138 1 year ago +1

      @@djalilayed Thank you for your response. I think it may be a setting in my VM, as I can't copy and paste from my main machine to my VM and vice versa.

  • @tariqishtiaq6176
    @tariqishtiaq6176 6 months ago

    When I try to solve the Task 4 IDOR challenge it shows "we are having trouble finding this site". Any solution, please?

    • @djalilayed
      @djalilayed 6 months ago

      What is the link you are using? From the error message, it is possible you are using the wrong link / URL.

  • @shaunabreo8469
    @shaunabreo8469 1 month ago

    When I do the .tables ... I get a blank answer. Please help (task 8).

    • @djalilayed
      @djalilayed 1 month ago

      Hi, what are the commands you use before .tables? List all your commands so we can see what is missing.

    • @shaunabreo8469
      @shaunabreo8469 1 month ago

      @@djalilayed I did the exact same thing as you did. I tried 3 times but got the same results.

    • @djalilayed
      @djalilayed 1 month ago

      @@shaunabreo8469 I am not sure. Are you using the AttackBox? Maybe it is your SQL version.
      It is also possible that the file webapp.db you downloaded from the site is empty; check ls -lah webapp.db to see if the size is not 0.
      In any case, here is the file webapp.db; you can get it from here: github.com/djalilayed/tryhackme/tree/main/OWASP-Top-10-2021
      Download it, then you can open it online on this website:
      inloop.github.io/sqlite-viewer/
      which is a SQLite viewer.
      You can also, in the AttackBox, open the SQL browser with sqlitebrowser webapp.db
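
The empty-file check suggested above can be done in a few lines of Python before pointing sqlite3 at the download. This is an added example, not code from the video or the room: it reports a 0-byte file (which sqlite3 silently opens as a brand-new database, so `.tables` prints nothing), a file that is not SQLite at all (for instance an HTML error page saved as webapp.db), and otherwise lists the tables; the `users` table it builds is a constructed sample, not the room's real schema.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def inspect_db(db_path):
    """Return (status, tables) for a downloaded .db file.

    'empty': 0-byte file; sqlite3 silently opens it as a new database, so
    `.tables` prints nothing.  'not-sqlite': bytes are not a SQLite file (for
    example an HTML error page saved as webapp.db).  'ok': names from sqlite_master.
    """
    if os.path.getsize(db_path) == 0:
        return "empty", []
    with open(db_path, "rb") as f:
        if f.read(16) != SQLITE_MAGIC:
            return "not-sqlite", []
    conn = sqlite3.connect(db_path)
    try:
        rows = conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name"
        ).fetchall()
    finally:
        conn.close()
    return "ok", [name for (name,) in rows]


def make_sample_db(db_path):
    # Constructed sample; the schema is assumed, not the room's real webapp.db.
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-value')")
    conn.commit()
    conn.close()


def demo():
    """Run inspect_db over an empty file, a non-SQLite file and a real database."""
    with tempfile.TemporaryDirectory() as d:
        empty, html, good = (os.path.join(d, n) for n in ("empty.db", "page.db", "webapp.db"))
        open(empty, "wb").close()
        with open(html, "wb") as f:
            f.write(b"<html><body>Not Found</body></html>")
        make_sample_db(good)
        return inspect_db(empty), inspect_db(html), inspect_db(good)
```

Calling `demo()` returns `("empty", [])`, `("not-sqlite", [])` and `("ok", ["users"])`; run `inspect_db("webapp.db")` on your own download to see which case you are in.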

    • @artemsmirnov8751
      @artemsmirnov8751 1 month ago

      I also had this problem; it is because the file is empty. Download the file above and everything will work. Good luck!

    • @shaunabreo8469
      @shaunabreo8469 1 month ago

      @@artemsmirnov8751 Yes, it's done, thank you.

  • @djalilayed
    @djalilayed 1 year ago +3

    Admin Area FLAG th-cam.com/video/Yc4jzWb_h4Q/w-d-xo.html (Going the Extra Mile: There's a way to use SSRF to gain access to the site's admin area. Can you find it? )

  • @ebelmot
    @ebelmot 1 year ago

    Sorry for the negative comment, but why is it so hard to explain what you are doing at 27:20?
    Guys, the guest header has to be changed to the admin header.
    We have to do the following...

    • @djalilayed
      @djalilayed 1 year ago +6

      It is clear that I am changing it from guest to admin; I do not get your point here. I am doing my best here, I am learning too, and this is a walkthrough; more info is in the room itself. This is supposed to be a complement to the room, so you read the room contents first. And I advise you to make videos yourself and share them with the community.