infosecgirls
Appsec
Security Misconfiguration in Security Shepherd


Last updated 4 years ago



Note: this lesson is not part of the VM.

Step 1: create a new user named tester. (Remember to assign tester to the same class as your current user!)

Now, let's go back to the challenge and check what happens when we click the Get Result Key button.

Based on the request captured by Burp Suite, we notice three fields that are possibly the tokens we want: securityMisconfigLesson, token, and csrfToken.

Then we open Wireshark and log in as tester to see what we can get from the network traffic.

Wireshark will capture a lot of packets; a useful feature here is Follow TCP Stream, which reassembles one connection into readable text.

When we find the suspicious packets, we can right-click one of them and select Follow -> TCP Stream. Here we will find that the securityMisconfigLesson cookie for user tester is transferred in plaintext.

The value is 3537b95aaacc3403dc36282e9771dc808fc4a8b3103936ba6b346b10ec3ea4e8, and it could be captured by anyone on the local network.

Now, let's log out tester and log back in to the original account.

Then replace the securityMisconfigLesson cookie of the original user with 3537b95aaacc3403dc36282e9771dc808fc4a8b3103936ba6b346b10ec3ea4e8 and see if we can pass the challenge!
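The root cause the lesson demonstrates is a session cookie carried over plaintext HTTP without the Secure or HttpOnly attributes, so anything a Follow TCP Stream pane shows is also what a passive observer on the LAN sees. The script below is an added example and not code from the original page or from Security Shepherd: it takes a text dump in the same shape as Wireshark's Follow TCP Stream output (the sample stream, host name and cookie values are constructed), lists the cookies a client sent over cleartext, and audits the server's Set-Cookie headers for the missing Secure and HttpOnly attributes. The function names are my own.

```python
import re

# A start line is either a request line ("POST /login HTTP/1.1") or a
# status line ("HTTP/1.1 302 Found"). Anything else is a header or body.
START_LINE = re.compile(r"^(?:[A-Z]+ \S+ HTTP/\d\.\d|HTTP/\d\.\d \d{3}.*)$")

# Constructed sample of a Follow TCP Stream dump: one plaintext HTTP login
# request followed by the server's response. All values are made up.
SAMPLE_STREAM = "\r\n".join([
    "POST /login HTTP/1.1",
    "Host: shepherd.example",
    "Cookie: JSESSIONID=CONSTRUCTED-SESSION-1; securityMisconfigLesson=CONSTRUCTED-LESSON-TOKEN",
    "Content-Type: application/x-www-form-urlencoded",
    "Content-Length: 25",
    "",
    "login=tester&pwd=notreal1",
    "HTTP/1.1 302 Found",
    "Set-Cookie: securityMisconfigLesson=CONSTRUCTED-LESSON-TOKEN; Path=/",
    "Set-Cookie: JSESSIONID=CONSTRUCTED-SESSION-1; Path=/; HttpOnly; Secure",
    "Location: /index.jsp",
    "",
])

# Attributes every session cookie should carry; the lesson cookie has neither.
REQUIRED_ATTRS = ("secure", "httponly")


def split_messages(stream):
    """Split a stream dump into HTTP messages as {"start": ..., "headers": [...]}.

    Header names are lower-cased. Body lines are skipped: the blank line that
    ends a header block switches the parser off until the next start line.
    """
    messages = []
    current = None
    in_headers = False
    for raw in stream.split("\n"):
        line = raw.rstrip("\r")
        if START_LINE.match(line):
            current = {"start": line, "headers": []}
            messages.append(current)
            in_headers = True
            continue
        if current is None or not in_headers:
            continue  # body bytes, or data before the first start line
        if line == "":
            in_headers = False  # blank line terminates the header block
            continue
        name, _, value = line.partition(":")
        current["headers"].append((name.strip().lower(), value.strip()))
    return messages


def exposed_cookies(stream):
    """Cookie name -> value for every cookie a client sent over cleartext."""
    found = {}
    for msg in split_messages(stream):
        if msg["start"].startswith("HTTP/"):
            continue  # responses do not carry a Cookie header
        for name, value in msg["headers"]:
            if name != "cookie":
                continue
            for pair in value.split(";"):
                cname, _, cval = pair.strip().partition("=")
                if cname:
                    found[cname] = cval
    return found


def weak_set_cookies(stream):
    """Cookie name -> list of missing attributes for each weak Set-Cookie."""
    findings = {}
    for msg in split_messages(stream):
        if not msg["start"].startswith("HTTP/"):
            continue  # only responses set cookies
        for name, value in msg["headers"]:
            if name != "set-cookie":
                continue
            parts = [p.strip() for p in value.split(";")]
            cname = parts[0].partition("=")[0]
            attrs = {p.partition("=")[0].lower() for p in parts[1:]}
            missing = [a for a in REQUIRED_ATTRS if a not in attrs]
            if missing:
                findings[cname] = missing
    return findings


if __name__ == "__main__":
    for cname, cval in exposed_cookies(SAMPLE_STREAM).items():
        print(f"sent in cleartext: {cname}={cval}")
    for cname, missing in weak_set_cookies(SAMPLE_STREAM).items():
        print(f"weak Set-Cookie for {cname}: missing {', '.join(missing)}")
```

Paste the text from a Follow TCP Stream pane in place of SAMPLE_STREAM to audit a real capture. The Set-Cookie check is the part a developer can fix directly: serve the application over TLS and mark session cookies Secure and HttpOnly (SameSite is worth adding too). The attributes alone are not enough, though; a cookie that is set with Secure still travels in the clear if the site itself is reachable over plain HTTP, which is why the lesson's token is readable here.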

Security Misconfiguration in Security Shepherd (Admin Credentials)

Step 1: Launch Security Shepherd, navigate to the Security Misconfiguration challenge and try to solve it. A snapshot of the challenge is provided below.

To get the result key for this lesson, you must sign in with the default admin credentials, which were never removed or updated.

Let's try some of the well-known default credentials (username / password):

  • Admin / password
  • Admin / Password
  • admin / admin
  • Admin / Admin
  • admin / Password
  • admin / password

To solve this challenge, we need another user on the local network; we then try to capture packet information to see whether the session token is exposed on the wire.

[Figures: Wireshark screenshots Security_Misconfiguration_SS_1, SS_2a, SS_2b, SS_3a and SS_4]