
Tuesday is here and it’s time for another room!
Today we move onto the Web Fundamentals path via THM.
We start off with the Walking An Application module which covers the following items –
- View Source – Use your browser to view the human-readable source code of a website.
- Inspector – Learn how to inspect page elements and make changes to view usually blocked content.
- Debugger – Inspect and control the flow of a page’s JavaScript.
- Network – See all the network requests a page makes.
We begin by walking the application and checking the source code. We find a comment at the top of the code that directs us to /new-home-beta, which shows us the first flag.


Lower in the source code we then see a link, <a href="/secret-page">; we navigate to that location and find the next flag.


We next check out /assets/staff.png, which is referenced from the main page, and see whether we can strip /staff.png from the path and go up one directory to /assets. We can: the server returns an index of all the assets, where we find the flag.txt file.



Next we see at the bottom of the page that the web application, Acme IT Support, is built on a web framework. We check the framework’s change log and find that version v1.2, which the application is using, has an issue that was patched in version v1.3: a /tmp.zip file was left present. We append /tmp.zip to the application’s URL and find the last flag.





Next we are tasked with removing the pay wall from the http://10.10.174.161/news/article?id=3 page of the application.

We use the inspection tools within Firefox to find the pay wall, select its DIV element, and change its display value from ‘block’ to ‘none’, after which we are able to view the page.
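The view-source and pay-wall steps above both come down to the same thing: whatever the server sends to the browser is readable and editable by the visitor, so developer comments, unlisted links and content that is only hidden by CSS are all exposed. The script below is an added example, not code from the room or from this write-up; it audits a page’s HTML for those three things before it ships. The HTML, the paths in it and the framework string are constructed placeholders, and the audit uses plain regular expressions rather than a real HTML parser, which is enough for a pre-release check but not for arbitrary markup.

```javascript
// Added example (not from the THM room or the write-up): audit what a page's HTML
// gives away. It reports HTML comments, every href/src target, and elements hidden
// only by an inline display:none, which is the pattern the inspector step above
// defeats. The sample HTML below is constructed; all paths are placeholders.

const SAMPLE_HTML = `<!DOCTYPE html>
<html>
<head><title>Acme IT Support</title></head>
<body>
<!-- TODO: remove before launch, beta homepage at /new-home-beta -->
<a href="/">Home</a>
<a href="/news">News</a>
<a href="/secret-page">Admin</a>
<img src="/assets/staff.png">
<div class="article">Public teaser paragraph.</div>
<div class="premium" style="display: none;">Full article body that should be gated server-side.</div>
<div class="footer">Powered by THM Framework v1.2</div>
</body>
</html>`;

// Developer comments ship to every visitor; they often name paths that are not linked.
function findComments(html) {
  const out = [];
  const re = /<!--([\s\S]*?)-->/g;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1].trim());
  return out;
}

// Collect every href/src target so it can be compared with the intended site map.
function findLinks(html) {
  const out = [];
  const re = /\b(?:href|src)\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Content hidden with an inline display:none is still delivered to the client, and
// flipping the style in the inspector reveals it; gating has to happen server-side.
function findClientSideHidden(html) {
  const out = [];
  const re = /<(\w+)[^>]*style\s*=\s*["'][^"']*display\s*:\s*none[^"']*["'][^>]*>([\s\S]*?)<\/\1>/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push({ tag: m[1], text: m[2].trim() });
  return out;
}

// Every parent directory of a linked file is a location where directory listing
// must be confirmed disabled, as with /assets in the write-up.
function parentDirectories(paths) {
  const dirs = new Set();
  for (const p of paths) {
    if (!p.startsWith('/')) continue;
    const parts = p.split('/').filter(Boolean);
    for (let i = 1; i < parts.length; i++) dirs.add('/' + parts.slice(0, i).join('/') + '/');
  }
  return [...dirs].sort();
}

function auditHtml(html) {
  const links = findLinks(html);
  return {
    comments: findComments(html),
    links,
    hiddenElements: findClientSideHidden(html),
    directoriesToCheck: parentDirectories(links),
  };
}

console.log(JSON.stringify(auditHtml(SAMPLE_HTML), null, 2));
```

Run with node; on the sample it reports the leftover comment, the four link targets, the premium div that is hidden only client-side, and /assets/ as the one directory whose listing setting needs checking. Each finding maps to a fix on the server side: strip the comment, remove or protect the unlisted path, render gated content only for authorised sessions, and turn off directory indexes.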


Next we use the debugger tool within Firefox to check out the http://10.10.174.161/contact page of the web application, which we know flashes red at the top of the page every time it is loaded. We “Pretty Print” the code so it is slightly easier to read, find the line (110) at the bottom of the code, and insert a breakpoint there, allowing us to view the flag.



The next flag is acquired on the same /contact page of the web application. We send data through the contact form and view the Network tab in Firefox; after submission of the form we notice a new item listed, contact-msg, and the flag is revealed in its response headers!
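The response headers the Network tab shows for contact-msg are a reminder that a response carries more than the body the page renders. As an added example that is not code from the room or from this write-up, the script below parses a raw HTTP response of the kind you would copy out of the Network tab and reports any header that is not on a short allow-list of standard response headers, which is how a reviewer would catch debug data left in a header before it reaches production. The response text, the X-Debug-Note header and its value are constructed placeholders, and the allow-list is an assumption that a real deployment would tune to the headers it intentionally sets.

```javascript
// Added example (not from the THM room or the write-up): parse a raw HTTP response
// as captured in the Network tab and flag headers outside a standard allow-list.
// The response below is constructed; X-Debug-Note and its value are placeholders.

const SAMPLE_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Date: Tue, 01 Jan 2030 00:00:00 GMT',
  'Content-Type: application/json',
  'Content-Length: 25',
  'X-Debug-Note: placeholder-value-that-should-not-ship',
  'Set-Cookie: session=abc; HttpOnly',
  '',
  '{"status":"message sent"}',
].join('\r\n');

// Response headers a reviewer expects to see (assumed allow-list); anything else is reported.
const KNOWN_HEADERS = new Set([
  'date', 'content-type', 'content-length', 'set-cookie', 'cache-control',
  'server', 'connection', 'location', 'content-encoding', 'vary', 'etag',
  'last-modified', 'strict-transport-security', 'content-security-policy',
  'x-content-type-options', 'x-frame-options',
]);

// Split the status line, the header block and the body. Header names are
// case-insensitive, so they are lower-cased; repeated headers such as several
// Set-Cookie lines are kept as a list of values.
function parseRawResponse(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? '' : raw.slice(sep + 4);
  const lines = head.split('\r\n');
  const statusMatch = /^HTTP\/(\d\.\d) (\d{3}) ?(.*)$/.exec(lines[0]);
  if (!statusMatch) throw new Error('malformed status line: ' + lines[0]);
  const headers = {};
  for (const line of lines.slice(1)) {
    const idx = line.indexOf(':');
    if (idx === -1) throw new Error('malformed header line: ' + line);
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    (headers[name] = headers[name] || []).push(value);
  }
  return {
    version: statusMatch[1],
    status: Number(statusMatch[2]),
    reason: statusMatch[3],
    headers,
    body,
  };
}

// Report every header outside the allow-list together with its values, so the
// reviewer can decide whether it is an intended API header or leaked debug output.
function findUnexpectedHeaders(headers) {
  return Object.entries(headers)
    .filter(([name]) => !KNOWN_HEADERS.has(name))
    .map(([name, values]) => ({ name, values }));
}

const parsed = parseRawResponse(SAMPLE_RESPONSE);
console.log('status', parsed.status, 'body', parsed.body);
console.log('unexpected headers', findUnexpectedHeaders(parsed.headers));
```

On the sample the only report is the X-Debug-Note header. The same check is worth running against every endpoint a form posts to, not just the pages a user sees, because the Network tab is the only place those responses are ever looked at.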





Until next time & don’t sleepwalk through life!
Xayr
