Security Misconfiguration in Security Shepherd
Note: not part of VM
To solve this challenge, we need another user on the local network; we can then capture packets with Wireshark to see whether the session token is exposed on the network.
Step 1: Create a new user, tester. (Remember to assign tester to the same class as your current user!)
Now, let's go back to the challenge and check what happens when we click the Get Result Key button.
In the request captured by Burp Suite, we can see three fields that could be the token we want: securityMisconfigLesson, token, and csrfToken.
Next, we open Wireshark and log in as tester to see what we can get from the network traffic.
Wireshark will capture a lot of packets, and its Follow TCP Stream feature is useful here.
When we find a suspicious packet, we can right-click it and select Follow -> TCP Stream. Here we find that the securityMisconfigLesson cookie for user tester is transferred in plaintext.
Its value is 3537b95aaacc3403dc36282e9771dc808fc4a8b3103936ba6b346b10ec3ea4e8 and it can be captured by anyone on the local network.
Now, let's log out of tester and log back in to the original account.
Then replace the securityMisconfigLesson value of the original user with 3537b95aaacc3403dc36282e9771dc808fc4a8b3103936ba6b346b10ec3ea4e8 and see if we pass the challenge!
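The root cause above is a session cookie that travels over plaintext HTTP without protective attributes. The following added example (not part of the original walkthrough or of Security Shepherd) audits the Set-Cookie headers in a captured response; the sample response and its cookie values and attributes are constructed, and the Secure attribute only helps once the site is actually served over HTTPS.

```python
from dataclasses import dataclass

# Constructed sample of a response as shown by Follow -> TCP Stream.
# Cookie names come from the walkthrough; values and attributes are made up.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: securityMisconfigLesson=PLACEHOLDER_VALUE; Path=/\r\n"
    "Set-Cookie: token=PLACEHOLDER_TOKEN; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrfToken=PLACEHOLDER_CSRF; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "\r\n"
    "<html>...</html>"
)

REQUIRED_ATTRS = ("secure", "httponly", "samesite")


@dataclass
class CookieFinding:
    name: str
    missing: list  # lower-case attribute names absent from the cookie


def audit_set_cookie(raw_response: str) -> list:
    """Return one finding per cookie lacking Secure, HttpOnly or SameSite."""
    head = raw_response.split("\r\n\r\n", 1)[0]   # headers only, drop the body
    findings = []
    for line in head.split("\r\n")[1:]:           # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].partition("=")[0]
        # Attribute names are case-insensitive; ignore their values.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        missing = [a for a in REQUIRED_ATTRS if a not in attrs]
        if missing:
            findings.append(CookieFinding(name, missing))
    return findings


if __name__ == "__main__":
    for f in audit_set_cookie(SAMPLE_RESPONSE):
        print(f"{f.name}: missing {', '.join(f.missing)}")
```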
Step 1: Launch Security Shepherd, navigate to Security Misconfiguration, and try to solve that challenge.
To get the result key to this lesson, you must sign in with the default admin credentials which were never removed or updated.
Let's try some of the well-known default credentials (username / password):
Admin / password
Admin / Password
admin / admin
Admin / Admin
admin / Password
admin / password