Walkthrough - OWASP Top 10 - TryHackMe

#cybersecurity #tryhackme #owasptop10

Hi Guys!
This is my very first Walkthrough/Write-Up.
This is a Walkthrough on the OWASP Top 10 room in TryHackMe.
This is a beginner room - as in

The challenges are designed for beginners and assume no previous knowledge of security.

I am going to walk you through the steps I followed to find the answers.

Day 1 Injection
Day 2 Broken Authentication
1. Darren's Account
2. Arthur's Account
Day 3 Sensitive Data Exposure

Day 1 Injection

Strange Text:

A strange text file in the website root directory:
I used ls. We see the output something like this:

ls command lists all the available files and folders in the current directory. And with that output, we understand that drpepper.txt is a strange text file.
Take me to Top

Number Of Users

The number of non-root/non-service/non-daemon users:
We can use the command: cat /etc/passwd | cut -d: -f1
I found this command here: LinuxHandBook

And the output from the command shows there are no users that are non-root/non-service/non-daemon. And therefore the number is 0. The cat command prints all the contents of a file mentioned and we are using pipe - | to send the output of the cat to the following command i.e, cut -d: -f1 which cuts(or only prints) a repeating part of an output. In our case - we mention the delimiter as : and the -f1 would print the first part of the delimited string.
Take me to Top

User:

The user of the app:

whoami is a command that shows the current user of the application through which the shell/bash is running. So the user is www-data
Take me to Top

User Shell As:

I used id to find the user id. Which is 33. id prints the current user-id and group-id.

And then I used cat /etc/passwd/ to print all the list of user information.

With the command, we see a lot of information here, and we need to find the one with the id 33, or the one with the user as www-data as we found in question 3. And we see that the user is set as /usr/sbin/nologin.
Take me to Top

Ubuntu Version

The version of Ubuntu:
I found this command cat /etc/os-release, can print comprehensive information on the Operating System.

Here we see the version as 18.04.4.
Take me to Top

MOTD:

I first could not find the motd as I first thought its at /etc/motd. Then I found that it's a different directory.

With the command ls /etc/update-motd.d/ I could see the files and one of them is 00-header and this is mentioned in the hint. So I used the command cat /etc/update-motd.d/00-header

Now we can see in the last line of the output talks about "Dr Pepper" and that is the favorite beverage.

Take me to Top

Day 2 Broken Authentication

I found this type of attack cool. Now, if we just follow the instructions we can find the answers to the given questions.

Darren's Account:

We try to register a new account using the name "darren" but we see a message saying user already exists. But the problem with this is in the backend of the application, with this step we now have overridden the password for darren with what we have used for the registration. Now we just have to login using the same password but add a space to the username: " darren".

Now we are logged in as darren and we see the flag.

Take me to Top

Arthur's Account:

We follow the same steps that we followed for darren's account.
We try to register using username "arthur" and some password.
Then we see the message that user already exists.
Then we login as " arthur" and the same password we used to register. We are taken to arthur's account.