Skip to main content

Training Update v0.93

blank
blank

Thursday is here and it’s time for more THM!

Today we start off with ORM Injection which is a topic I have never touched so this should be insightful!

blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank
blank

Flag – THM{SECURED_001}

blank
blank
blank
blank

https://10-10-55-245.p.thmlabs.com/query_users?sort=name

blank

https://10-10-55-245.p.thmlabs.com/query_users?sort=name-%3E%22%27))%20LIMIT%2010%23

blank

Flag – THM{101}

blank
blank
blank
blank
blank
blank

Now we move on to the Injectics challenge room!

blank

http://10.10.220.139/

blank

view-source:http://10.10.220.139/

blank
<!-- Website developed by John Tim - [email protected]>

<!-- Mails are stored in mail.log file-->

http://10.10.220.139/mail.log

In this mail.log file in mentions if the table gets deleted then the default credenitals which are show below are able to be used to maintain access to the application.

blank
| Email                     | Password 	              |
|---------------------------|-------------------------|
| [email protected]  | superSecurePasswd101    |
| [email protected]         | devPasswd123            |

view-source:http://10.10.220.139/script.js

We can see from the below screenshot that the application has included invalidKeywords which blocks the use of the normal OR operator so this cannot be used

blank

We use the || which represents the SQL OR operator instead

blank

http://10.10.220.139/dashboard.php

blank

We drop the table in order to use the default credentials found within the mail.log file found earlier

blank

http://10.10.220.139/dashboard.php

blank

blank
blank

Flag – THM{INJECTICS_ADMIN_PANEL_007}

blank
blank
blank
blank

SSTI Is present within the admin section of the application

blank
blank
blank
blank
blank
blank

Flag – THM{5735172b6c147f4dd649872f73e0fdea}

blank

New Title –

blank

New Rank –

blank

I must say I struggled alot with this section of the pathway as Injection attacks are not my speciality (not that much is overall) and I needed help with this final box as I simply could not get it.

I’m going to keep on keeping on because alot of the stuff covered within this module/section of the pathway I had not encountered as of yet during my time testing/training and I do feel some creeping doubt about my abilities however, I need to keep going as there is stuff to do and things to learn!

The only way to progress is to fail and fail again and maybe one day I’ll get it!

blank
blank

Until next time & don’t sleepwalk through life!

Hwyl fawr