
Manual Discovery — Favicon

What framework did the favicon belong to? Answer: cgiirc

Manual Discovery — HTTP Headers
What is the flag value from the X-FLAG header? Answer: THM{HEADER_FLAG}

Log in with the admin credentials at http://<ip_address>/thm-framework-login


Manual Discovery — Sitemap.xml

What is the path of the secret area that can be found in the sitemap.xml file? Answer: /s3cr3t-area


Manual Discovery — Framework Stack

1. Go to the website http://<ip_address> and check the source code; at the bottom you will find the link.


2. Check the documentation page.


What is the flag from the framework’s administration portal? Answer: THM{CHANGE_DEFAULT_CREDENTIALS}

OSINT — Google Hacking / Dorking

What Google dork operator can be used to only show results from a particular site? Answer: site:

OSINT — Wappalyzer

What online tool can be used to identify what technologies a website is running? Answer: Wappalyzer

OSINT — Wayback Machine

What is the website address for the Wayback Machine? Answer: https://archive.org/web/

OSINT — GitHub

What is Git? Answer: version control system

OSINT — S3 Buckets

What URL format do Amazon S3 buckets end in? Answer: s3.amazonaws.com

Automated Discovery

To get the answers to the questions you just need to run this command. The common.txt wordlist is used by default by dirb, so you don't have to select it or type it.

What is the name of the directory beginning “/mo….” that was discovered? Answer: /monthly

What is the name of the log file that was discovered? Answer: /development.log


Room 3: Subdomain Enumeration

OSINT — SSL/TLS Certificates

What domain was logged on crt.sh at 2020-12-26? Answer: store.tryhackme.com
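The crt.sh lookup above is just as useful from the defending side: a site owner can watch the same certificate transparency records for names they did not expect. This is an added example, not part of the room; the records are a constructed sample in the field layout crt.sh's JSON output uses (`name_value`, `not_before`), and the dates and issuer are made up.

```python
import json

# Constructed sample in the layout of crt.sh JSON output; dates and issuer are invented.
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1, "common_name": "tryhackme.com",
     "name_value": "tryhackme.com\n*.tryhackme.com",
     "not_before": "2020-11-02T10:00:00", "issuer_name": "CN=Example CA"},
    {"id": 2, "common_name": "store.tryhackme.com",
     "name_value": "store.tryhackme.com",
     "not_before": "2020-12-26T08:15:42", "issuer_name": "CN=Example CA"},
    {"id": 3, "common_name": "blog.tryhackme.com",
     "name_value": "blog.tryhackme.com",
     "not_before": "2021-01-14T12:00:00", "issuer_name": "CN=Example CA"},
])


def hostnames_logged_on(raw_json, day):
    """Hostnames on certificates whose validity started on the ISO date `day` (YYYY-MM-DD)."""
    found = set()
    for entry in json.loads(raw_json):
        if entry["not_before"][:10] == day:
            # name_value packs every SAN of the certificate into one newline-separated string
            found.update(n.strip().lower() for n in entry["name_value"].split("\n"))
    return found


def all_subdomains(raw_json, apex):
    """Distinct non-wildcard names under the apex domain, for review against an inventory."""
    names = set()
    for entry in json.loads(raw_json):
        for n in entry["name_value"].split("\n"):
            n = n.strip().lower()
            if n.endswith("." + apex) and not n.startswith("*."):
                names.add(n)
    return names


def unexpected(raw_json, apex, inventory):
    """Subdomains that appear in the CT log but are missing from the known-asset inventory."""
    return all_subdomains(raw_json, apex) - set(inventory)


if __name__ == "__main__":
    print(hostnames_logged_on(SAMPLE_CRTSH_JSON, "2020-12-26"))
    print(sorted(unexpected(SAMPLE_CRTSH_JSON, "tryhackme.com", ["blog.tryhackme.com"])))
```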

OSINT — Search Engines

What is the TryHackMe subdomain beginning with B discovered using the above Google search? Answer: blog.tryhackme.com

DNS Bruteforce

What is the first subdomain found with the dnsrecon tool? Answer: api.acmeitsupport.thm

OSINT — Sublist3r

What is the first subdomain discovered by sublist3r? Answer: web55.acmeitsupport.thm

Virtual Hosts

What is the first subdomain discovered? Answer: delta

What is the second subdomain discovered? Answer: yellow


Developer Tools — Inspector

What is the flag behind the paywall?
Go to the /news section and open the article behind the paywall. Right-click and choose Inspect Element to open the Inspector, then look for the element with the class “premium-customer-blocker” and click on it. On the right side you will see the CSS rules for that element; change its display value from “block” to “none”. Boom! It is done, and you can now see the flag.
Answer: THM{NOT_SO_HIDDEN}


Developer Tools — Debugger

What is the flag in the red box?
To find it, go to the /contact page and open the Debugger (open Inspect Element, then switch to the Debugger tab). In the Debugger, look for flash.min.js under assets. Select the Pretty Print view and scroll down to line 108. Click on the line number to set a breakpoint, which stops the flash from executing. Refresh the page and you will see the red banner being displayed.
Answer: THM{CATCH_ME_IF_YOU_CAN}


Developer Tools — Network

What is the flag shown on the contact-msg network request?
With the Network tab open, fill in the contact form and press the Send Message button. You’ll notice an event appear in the Network tab: this is the form being submitted in the background using a method called AJAX. AJAX is a method for sending and receiving network data in the background of a web application without changing the current web page.

Once the message has been sent, refresh the page once again and select the contact-msg request. Open its Response tab to read the flag.
Answer: THM{GOT_AJAX_FLAG}


Hi! Today I am going to give you a full walkthrough of the Introduction to Web Hacking Module.

Room 1: Walking An Application

Walking An Application

In this room you will learn how to manually review a web application for security issues using only the in-built tools in your browser. More often than not, automated security tools and scripts will miss many potential vulnerabilities and useful information.

Here is a short breakdown of the in-built browser tools you will use throughout this room:

  • View Source — Use your browser to view the human-readable source code of a website.

  • Inspector — Learn how to inspect page elements and make changes to view usually blocked content.

  • Debugger — Inspect and control the flow of a page’s JavaScript.

  • Network — See all the network requests a page makes.

No answer needed

Exploring the Website

No answer needed

Viewing the Page Source

What is the flag from the HTML comment?
Look in the page source for the HTML comment; it points to /new-home-beta. Open that page and the flag is displayed.
Answer: THM{HTML_COMMENTS_ARE_DANGEROUS}

Room 2: Content Discovery

What is content discovery?

Firstly, we should ask, in the context of web application security, what is content? Content can be many things, a file, video, picture, backup, a website feature. When we talk about content discovery, we’re not talking about the obvious things we can see on a website; it’s the things that aren’t immediately presented to us and that weren’t always intended for public access.

This content could be, for example, pages or portals intended for staff usage, older versions of the website, backup files, configuration files, administration panels, etc.

There are three main ways of discovering content on a website which we’ll cover. Manually, Automated and OSINT (Open-Source Intelligence).

What is the Content Discovery method that begins with M? Answer: Manually

What is the Content Discovery method that begins with A? Answer: Automated

What is the Content Discovery method that begins with O? Answer: OSINT

Manual Discovery — Robots.txt

What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers? Answer: /staff-portal
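The robots.txt, sitemap.xml and directory-listing tasks in this room all come down to reading files the server already publishes. The following is an added example, not code from the room, that parses each of those artefacts so a site owner can audit what they expose; the robots.txt, sitemap and index page below are constructed samples on the host `example.invalid`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: a robots.txt that "hides" staff paths (and so advertises them),
# a sitemap that lists a path not linked anywhere, and an auto-generated index page.
ROBOTS_TXT = """User-agent: *
Allow: /
Disallow: /staff-portal
Disallow: /backups/
Sitemap: http://example.invalid/sitemap.xml
"""

SITEMAP_XML = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://example.invalid/</loc></url>
  <url><loc>http://example.invalid/news</loc></url>
  <url><loc>http://example.invalid/s3cr3t-area</loc></url>
</urlset>
"""

INDEX_HTML = """<html><head><title>Index of /assets</title></head>
<body><h1>Index of /assets</h1><a href="flag.txt">flag.txt</a></body></html>
"""


def robots_disallowed(text):
    """Paths robots.txt asks crawlers to skip; anything here is readable by a person."""
    paths = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def sitemap_paths(xml_text):
    """Every <loc> in a sitemap, reduced to its URL path."""
    ns = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}
    root = ET.fromstring(xml_text)
    return [re.sub(r"^https?://[^/]+", "", loc.text.strip())
            for loc in root.findall(".//sm:loc", ns)]


def is_directory_listing(html):
    """Detect an auto-index page, the sign that directory listing is enabled."""
    return re.search(r"<title>\s*Index of /", html, re.IGNORECASE) is not None


if __name__ == "__main__":
    print("robots.txt disallows:", robots_disallowed(ROBOTS_TXT))
    print("sitemap lists:", sitemap_paths(SITEMAP_XML))
    print("directory listing on /assets:", is_directory_listing(INDEX_HTML))
```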


What is the flag from the secret link?
Look closely at the page source; you will find a link to /secret-page. Go there and the flag is displayed.
Answer: THM{NOT_A_SECRET_ANYMORE}


What is the directory listing flag?
Go to /assets (the path is referenced in the page source); directory listing is enabled, so you get access to the whole directory, including the file flag.txt. Open the file and you have your answer.
Answer: THM{INVALID_DIRECTORY_PERMISSIONS}


What is the framework flag?
Check the last comment in the main page’s source code: there is a Change Log entry noting that /tmp.zip is the file we are looking for. Open http://<ip_address>/tmp.zip to download the archive, then extract it; inside is flag.txt.
Answer: THM{KEEP_YOUR_SOFTWARE_UPDATED}


Introduction To Web Hacking

Web Application Hacking: Its Vulnerabilities, Risks, and Prevention
Introduction

In the digital age, where web applications are an integral part of our lives, the threat of web application hacking looms large. Understanding web application vulnerabilities and their potential risks is crucial in safeguarding your online presence. This blog will dive deep into the world of web application security, shedding light on the threats and, more importantly, how to prevent them.
Understanding Web Application Vulnerabilities
Injection Attacks

Web applications are prone to injection attacks like SQL injection, which can have catastrophic consequences. By exploiting these vulnerabilities, malicious actors can gain unauthorized access to your databases. However, vigilant coding practices and input validation can fortify your defense.
Cross-Site Request Forgery (CSRF)

CSRF attacks manipulate user actions without their knowledge, potentially leading to unintended transactions or changes in user data. Implementing strategies such as token-based validation can thwart these attacks and keep your web application secure.
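The token-based validation mentioned above, as an added, framework-independent example (not code from this post): each form carries a random token bound to the user's session with an HMAC, and a state-changing handler refuses any request whose token is missing, forged, or replayed from another session. The secret key, session ids and the `handle_transfer` handler are assumptions for illustration.

```python
import hmac
import hashlib
import secrets

# Per-deployment secret kept server-side (assumption: in practice loaded from config).
SECRET_KEY = secrets.token_bytes(32)


def _mac(session_id, nonce):
    """HMAC over session id and nonce, so a token is only valid for one session."""
    return hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Token placed in the form as a hidden field; a cross-site page cannot read it."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id, submitted):
    """True only for a well-formed token whose MAC matches this session."""
    if not submitted or submitted.count(".") != 1:
        return False
    nonce, mac = submitted.split(".")
    # constant-time comparison: timing must not reveal how much of the MAC matched
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def handle_transfer(session_id, form):
    """State-changing handler: refuse unless the form carries a valid token."""
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return "rejected: missing or invalid CSRF token"
    return f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    sid = "session-abc"
    token = issue_csrf_token(sid)
    print(handle_transfer(sid, {"csrf_token": token, "amount": "10", "to": "bob"}))
    # a forged cross-site request arrives without the token the form would carry
    print(handle_transfer(sid, {"amount": "10", "to": "mallory"}))
    # a token captured from one session does not validate for another
    print(handle_transfer("other-session", {"csrf_token": token, "amount": "10", "to": "bob"}))
```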
Cross-Site Scripting (XSS)

XSS attacks can wreak havoc by injecting malicious scripts into your web pages, compromising user data and trust. Discover the various forms of XSS attacks and how to protect against them using secure coding practices and input validation.
Security Misconfigurations

Misconfigurations are often the Achilles’ heel of web applications. This section delves into why misconfigurations are problematic and provides guidance on how to prevent them, making your application less susceptible to hackers.
Broken Authentication

Explore the vulnerabilities posed by broken authentication and discover best practices for securing user authentication. Robust authentication mechanisms are a cornerstone of web application security.
Risks Associated with Web Application Hacking

Data Breaches

Data breaches can lead to the theft of sensitive information, which can be catastrophic for both users and organizations. Learn how to safeguard your data through encryption and access control measures.
Financial Loss

Web application hacking can incur significant financial losses, not only in terms of recovery costs but also due to potential fraud. Understand the monetary implications and the importance of a proactive approach to security.
Reputational Damage

Compromised web applications can tarnish an entity’s reputation, affecting long-term success. Safeguard your digital image by prioritizing security and implementing robust security measures.
Legal Consequences

Legal ramifications loom large for both attackers and organizations. Adhering to legal and ethical standards is not just a moral obligation but also a crucial step in protecting your interests.
Preventing Web Application Hacking
Regular Security Audits and Testing

Regular security audits, penetration testing, and code reviews are indispensable for identifying and mitigating vulnerabilities. Staying one step ahead of potential attackers is the key to a secure web application.
Secure Coding Practices

Developers play a pivotal role in web application security. By adopting secure coding practices, they can fortify the application’s defenses from within, preventing vulnerabilities before they emerge.
Patch Management

Keeping software components up-to-date is vital to preventing the exploitation of known vulnerabilities. Staying informed about security patches and promptly implementing them is a fundamental practice.
Web Application Firewalls (WAF)

Web Application Firewalls provide an additional layer of defense against common web application attacks. Learn how to integrate a WAF into your security strategy for enhanced protection.
Implement Multi-Factor Authentication (MFA)

Multi-factor authentication adds an extra layer of security by requiring multiple forms of authentication. Explore the value of MFA in enhancing user account security.
Educate Users

User awareness is a powerful tool against web application hacking. Educating users on safe browsing practices, recognizing phishing attempts, and using strong passwords bolsters the overall security of your application.
Conclusion

Web application hacking is a pervasive threat in the digital landscape. However, with knowledge and proactive measures, you can protect your digital fortress. By understanding vulnerabilities, recognizing associated risks, and implementing robust preventive measures, you can bolster your web application’s security. Stay vigilant, stay secure.
Some Frequently Asked Questions (FAQs)

What is web application hacking?
Web application hacking refers to the act of exploiting vulnerabilities in web applications to gain unauthorized access, steal data, or compromise their integrity.

How can I prevent SQL injection attacks?
Preventing SQL injection involves using parameterized queries, input validation, and proper error handling to block malicious input.
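To make the parameterised-query advice concrete, here is an added example (not from this post) of the same login lookup written the unsafe way and the parameterised way, run against a constructed in-memory SQLite table so the difference is observable; the table, the account and the plaintext password exist only for the demonstration.

```python
import sqlite3

# Constructed demo table; a real application would store a password hash, not the password.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
conn.commit()


def login_unsafe(username, password):
    """Vulnerable: user input is spliced into the SQL text, so quotes change the query."""
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(username, password):
    """Hardened: the driver sends the values separately; they can never become SQL."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    tautology = "' OR '1'='1"   # classic test input used in security testing
    print(login_unsafe("admin", tautology))   # True: the WHERE clause became always-true
    print(login_safe("admin", tautology))     # False: the quote is treated as data
    print(login_safe("admin", "correct horse battery staple"))   # True: real credentials
```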

What is the role of Multi-Factor Authentication (MFA) in web application security?
MFA enhances security by requiring users to provide multiple forms of authentication, making unauthorized access significantly more difficult.

What is a Web Application Firewall (WAF)?
A Web Application Firewall is a security system designed to protect web applications from various forms of web application attacks, including SQL injection and XSS.

Why is user education essential in web application security?
User education is crucial to help users recognize and avoid common security threats like phishing and to use strong passwords, thereby reducing the risk of successful attacks.

Testing for Security Weakness of Web Applications using Ethical Hacking

R Sri Devi and Mohankumar Kumar. 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI), June 2020. DOI: 10.1109/ICOEI48184.2020.9143018