Security Misconfiguration in Security Shepherd

Note* - not part of VM

For solving this challenge, we need to have another user in the local network and we could try to get packet information from Wireshark to see if the session token is exposed to public

Step1: create a new user tester. (Remember to assign tester into the same class as your current user!)

Now, let's go back to the challenge and check what happens when we click the Get Result Key button.

Based on the request capture by BurpSuite, we could notice that there are 3 fields that is possibly the tokens we want: securityMisconfigLesson, token, and csrfToken.

Then, we need to open the Wireshark & login as tester to see what can we get from the network traffic.

We will capture lots of packets by wireshark and here is a useful feature to follow the TCP stream.

When we found the suspicious packets, we could right click on it and select Follow -> TCP stream. Here we will find that the cookie of securityMisconfigLesson for user tester is transfer in plaintext

Value is 3537b95aaacc3403dc36282e9771dc808fc4a8b3103936ba6b346b10ec3ea4e8 and it could be captured by anyone who is in the local network.

Now, let's logout tester and login back to original account.

Then replace the security Misconfig Lesson of original user to be 3537b95aaacc3403dc36282e9771dc808fc4a8b3103936ba6b346b10ec3ea4e8 and see if we could pass the challenge!

Security Misconfiguration in Security Shepherd (Admin Credentials)

Step 1 − Launch Security Shepherd and navigate to Security Misconfiguration and let us try to solve that challenge. Snapshot of the same is provided below −