Tryhackme - OWASP Top Ten | Web
Severity 1: Command Injection Practical
What strange text file is in the website root directory?
Solution
Running `ls` lists the contents of the web root, and the file that stands out there is “drpepper.txt”.
How many non-root/non-service/non-daemon users are there?
Solution
There are 0 non-root/non-service/non-daemon users.
What user is this app running as?
Solution
What is the user’s shell set as?
Solution
What version of Ubuntu is running?
Solution
Print out the MOTD. What favorite beverage is shown?
Solution
To view the message of the day (MOTD), I went to the /etc/update-motd.d directory and opened the 00-header file.
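As an added example that is not part of the original writeup or the TryHackMe lab code, the block below models the two halves of this section in Python: a hypothetical handler that pastes user input into a shell command line (so a `;` in the input runs extra commands, the same pattern that lets `ls` and `cat /etc/passwd` run in the lab), its hardened counterpart, and a filter that answers "how many non-root/non-service/non-daemon users" from `/etc/passwd` output. The `/etc/passwd` sample is constructed for the example and deliberately includes one human user so the filter has something to return; it is not the lab machine's file.

```python
import re
import subprocess

# Constructed sample of /etc/passwd (not the lab box's file): one human
# account in the normal UID range plus root and service accounts.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")


def vulnerable_lookup(filename: str) -> str:
    """Hypothetical vulnerable handler: the user-supplied value is
    interpolated into a string that /bin/sh parses, so shell metacharacters
    such as ';', '|' or '$(...)' in the input run additional commands."""
    result = subprocess.run(
        f"echo listing {filename}", shell=True, capture_output=True, text=True
    )
    return result.stdout


def hardened_lookup(filename: str) -> str:
    """Same handler without the bug: the input is validated against an
    allow-list and passed as a single argv element, never through a shell."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    result = subprocess.run(
        ["echo", "listing", filename], capture_output=True, text=True
    )
    return result.stdout


def hardened_rejects(filename: str) -> bool:
    """True when the hardened handler refuses the input (used by the checks)."""
    try:
        hardened_lookup(filename)
    except ValueError:
        return True
    return False


def human_users(passwd_text: str, min_uid: int = 1000, max_uid: int = 60000):
    """Accounts that are neither root nor service/daemon users: UID in the
    range Debian/Ubuntu hand out to real people and a shell that can log in.
    Returns (name, shell) pairs, which also answers the 'what shell' question."""
    users = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":", 6)
        if min_uid <= int(uid) <= max_uid and not shell.endswith(("nologin", "false")):
            users.append((name, shell))
    return users


if __name__ == "__main__":
    payload = "x; echo INJECTED"
    print(vulnerable_lookup(payload))          # second command runs
    print(hardened_rejects(payload))           # True: metacharacters refused
    print(human_users(SAMPLE_PASSWD))          # [('alice', '/bin/bash')]
```

The `echo` stand-in keeps the demo deterministic; in the lab the interpolated command is whatever the PHP page runs, and the injected suffix is `; ls`, `; cat /etc/passwd` and so on. The fix is the argv form plus validation, not escaping: once input never reaches `sh -c`, the metacharacters have no special meaning.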
Severity 2: Broken Authentication Practical
What is the flag that you found in darren’s account? Now try to do the same trick and see if you can login as arthur.
Solution
To view the flags, I needed to log in as the existing user. I was able to register as the user again by adding a space character in front of the username.
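The block below is an added example, not the writeup's or the lab's code, modelling one plausible way the leading-space trick works: registration checks uniqueness on the raw username string, while the account lookup after login trims whitespace, so " darren" is accepted as a new account but resolves to darren's data. The user names, passwords and flag values are constructed for the example. The hardened store canonicalises the username once (Unicode normalisation, trim, case-fold, allow-list) and uses that form for both the uniqueness check and every later lookup.

```python
import re
import unicodedata

# Constructed sample data for the example; not the lab's accounts or flags.
PROFILE_FLAGS = {
    "darren": "FLAG{constructed-darren-flag}",
    "arthur": "FLAG{constructed-arthur-flag}",
}


class VulnerableUserStore:
    """Registration and profile lookup disagree on what a username is."""

    def __init__(self):
        self.passwords = {}  # raw username string -> password

    def register(self, username: str, password: str) -> None:
        # Uniqueness is checked on the raw string, so " darren" != "darren".
        if username in self.passwords:
            raise ValueError("username taken")
        self.passwords[username] = password

    def login(self, username: str, password: str) -> str:
        if self.passwords.get(username) != password:
            raise PermissionError("bad credentials")
        # The profile/flag lookup trims whitespace, so the attacker's account
        # " darren" is shown darren's data.
        return PROFILE_FLAGS.get(username.strip(), "no flag")


def canonical_username(username: str) -> str:
    """One normal form used everywhere: NFKC, trimmed, case-folded, and
    restricted to an allow-list so lookalike or padded names cannot exist."""
    name = unicodedata.normalize("NFKC", username).strip().casefold()
    if not re.fullmatch(r"[a-z0-9_]{3,32}", name):
        raise ValueError(f"invalid username: {username!r}")
    return name


class HardenedUserStore:
    """Same API, but both registration and login go through canonical_username."""

    def __init__(self):
        self.passwords = {}  # canonical username -> password

    def register(self, username: str, password: str) -> None:
        name = canonical_username(username)
        if name in self.passwords:
            raise ValueError("username taken")
        self.passwords[name] = password

    def login(self, username: str, password: str) -> str:
        name = canonical_username(username)
        if self.passwords.get(name) != password:
            raise PermissionError("bad credentials")
        return PROFILE_FLAGS.get(name, "no flag")


def exploit_vulnerable(victim: str = "darren") -> str:
    """Attacker registers ' victim' and logs in; returns what the profile shows."""
    store = VulnerableUserStore()
    store.register(victim, "victim-password")          # the legitimate account
    store.register(" " + victim, "attacker-password")  # accepted as a new user
    return store.login(" " + victim, "attacker-password")


def exploit_hardened(victim: str = "darren") -> bool:
    """Same attempt against the hardened store; True if registration is refused."""
    store = HardenedUserStore()
    store.register(victim, "victim-password")
    try:
        store.register(" " + victim, "attacker-password")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(exploit_vulnerable("darren"))   # darren's flag, from the attacker's session
    print(exploit_hardened("darren"))     # True: " darren" collides with darren
```

The same call with `"arthur"` reproduces the second half of the question. Note that the hardened version rejects the padded name at registration rather than silently trimming it; silently trimming would fix this specific trick but still let two inputs map to one account in ways the uniqueness check never sees.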