a.infosecflavour

Jr Penetration Testing - Walking An Application - Viewing The Page Source

I bet you want to dive into Web Hacking. We'll be Walking An Application. The road has a few flags; let's collect them all together.

The first question of task 3 sounds like this: What is the flag from the HTML comment?🧐

What do we do?

Whether you use the THM machine or are connected via VPN, open a browser and enter the URL provided after starting the machine.
Once the webpage has loaded, have a look at the page source, either with right-click -> View source or with the keyboard shortcut CTRL+U. The first clue for collecting a flag is written in the stars. Or in the comments. Will /new-home-beta lead us anywhere?

Knocking at the door of machine-ip.p.thmlabs/new-home-beta will reveal the first flag! (Don't forget that machine-ip = the IP you get after starting the machine in THM.)

The second question asks us: What is the flag from the secret link?

The next flag is hidden on a secret page. How do we get there? Have a look at the page source and try to find the link to the secret page.

It seems...the secret has been unmasked.

The third question wants to know: What is the directory listing flag?

This time, someone placed the flag in a box (directory) full of stuff (assets).

Visiting machine-ip.p.thmlabs/assets, we'll look for the answer. There are so many assets here: site.js, style.css... Is there any clue?

Accessing flag.txt, we'll happily find the answer.

One more flag and our collection is complete. The fourth question, What is the framework flag?, sends us down some side streets.

Do you see the last line? Someone left a precious mark. The URL must be the fortress where the flag waits to be freed, or rather captured.

Eeny, meeny, miny, moe, which way should we go? Let's choose Change Log. 🌟

Archives can hide valuable information. So does /tmp.zip. Access machine-ip/tmp.zip and take the gem. Or the advice.

Are you curious what the Documentation is about? Let's have a look.

Navigating to machine-ip/thm-framework-login, we'll arrive at a super-secret area, where admin is both username and password. ⚠️

Oh, no! There is another flag!

However, given that the question asks for the framework flag, the flag found in Change Log is the correct one.
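
Every clue in this walkthrough came from markup any visitor can read: a comment naming /new-home-beta, a link to a secret page, asset paths that exposed a directory, and a framework note on the last line. The script below is an added example, not part of the room or the original post, showing how a site owner could check a page for the same leftovers before publishing it. The sample HTML, the `PUBLIC_ROUTES` allowlist, the framework name and URL, and the `audit_source` function are all constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page, not the room's real source.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/assets/style.css">
<script src="/assets/site.js"></script>
</head><body>
<!-- Temporary page while the new site at /new-home-beta is finished -->
<a href="/news">News</a> <a href="/contact">Contact</a>
<p>Staff are ready <a href="/secret-page">to</a> help.</p>
</body></html>
<!-- Generated with Example Framework v1.2 https://framework.example/docs -->
"""
PUBLIC_ROUTES = {"/", "/news", "/contact"}  # assumed list of intended public pages
URL_RE = re.compile(r"https?://\S+")
PATH_RE = re.compile(r"(?<!\S)/[\w./-]+")
VERSION_RE = re.compile(r"\bv?\d+\.\d+(?:\.\d+)?\b")


class SourceAudit(HTMLParser):
    """Collects (kind, detail) findings from markup an anonymous visitor can read."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        text = data.strip()
        self.findings += [("comment-url", u) for u in URL_RE.findall(text)]
        # Drop URLs first so their path parts are not reported a second time.
        self.findings += [("comment-path", p) for p in PATH_RE.findall(URL_RE.sub(" ", text))]
        if VERSION_RE.search(text):
            self.findings.append(("comment-version", text))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get("href") or attrs.get("src") or ""
        if tag == "a" and ref.startswith("/") and ref not in PUBLIC_ROUTES:
            self.findings.append(("unlisted-link", ref))
        elif tag in ("link", "script", "img") and ref.startswith("/"):
            # Static directories named in the source: confirm indexing is off there.
            finding = ("check-dir-listing", ref.rsplit("/", 1)[0] + "/")
            if finding not in self.findings:
                self.findings.append(finding)


def audit_source(html):
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Each finding is something to remove from the page or to confirm is meant to be public; a `check-dir-listing` entry means the directory should return an error rather than a file index.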
