THM — Walking An Application Write-Up

Walking An Application is a Walkthrough on TryHackMe. During this exercise you have to manually assess the security of a web application.

View the page source

When navigating to the website you can see the following landing page:

By inspecting the source code we can see that there is a directory for the new web page:

Navigating to the directory will give us the first flag:

Inside the HTML of the landing page, there is another secret link:

By navigating to the secrete page we can obtain another flag:

By inspecting the source code further, we can see that there is an assets directory that hold CSS and JavaScript files. We can also navigate to the directory and get its contents. The assets directory contains another flag:

Furthermore at the bottom of the HTML source code there is a comment, which includes a link to the framework used:

Opening the link and reading the documentation reveals that there is an admin panel for the framework with default credentials (admin:admin)

After navigating to the URI we can see an login page:

After login with the username admin and the password admin, we will get another flag:

Furthermore on the Change Log page for Version 1.3, that there was a vulnerability in the previous versions. The vulnerability allows downloading a backup file under /tmp.zip:

The zip-Archive contains a text file with another flag:

The Pay Wall

When navigating to the news article “3 Tips for keeping your printer working” we get a paywall:

By right clicking on the paywall and choosing “Inspect Element” we can open the developer tools:

In the developer tools choose the div which displays the paywall. Next set the CSS display property of the element to “none”:

Finally you can read the article and get the flag:

Debugger

When you open the Acme IT Support Contact site, you can see a red box pop up for a second. After that it gets removed.

To inspect what is going on open the developer tools and navigate to the debugger tab. Then open the file “flash.min.js” and enable pretty printing:

On line 108 there is a call to a function called “remove”. This might be the function that removes the red box. You can now set a breakpoint on the function by clicking the line number. The breakpoint will stop the JavaScript interpreter when it is about to call the remove function:

Finally reload the page and you should see the flag:

Network

Now open the network tab in your developer tools. Next input data into the contact page and press the “Send Message” button:

After that you should see that the web page will send a POST request. The response of the request contains the flag:

--

--

--

Passionate about Cyber Security. I am publishing CTF writeups and Cybersecurity content!

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

6 Tips to Boost Node.Js Performance

Model-View-Controller in JAVA

Using Vite as a full-chain tool of developing, bundling and documenting your code.

How to customize the container component in Tailwind CSS

Basics of JavaScript — The Date Object Part 1: GET Methods

Introduction to Flutter

Handle Integration and Production Deployments for Nuxt.js Apps

Notes on Prototype Inheritance and Composition in JS

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rabbit

Rabbit

Passionate about Cyber Security. I am publishing CTF writeups and Cybersecurity content!

More from Medium

HackTheBox-Forge

HTB Previse writeup

Agent Sudo — TryHackMe Walkthrough

HackTheBox — Previse