THM — Walking An Application Write-Up

Walking An Application is a Walkthrough on TryHackMe. During this exercise you have to manually assess the security of a web application.

View the page source

By inspecting the source code we can see that there is a directory for the new web page:

Navigating to the directory will give us the first flag:

Inside the HTML of the landing page, there is another secret link:

By navigating to the secrete page we can obtain another flag:

By inspecting the source code further, we can see that there is an assets directory that hold CSS and JavaScript files. We can also navigate to the directory and get its contents. The assets directory contains another flag:

Furthermore at the bottom of the HTML source code there is a comment, which includes a link to the framework used:

Opening the link and reading the documentation reveals that there is an admin panel for the framework with default credentials (admin:admin)

After navigating to the URI we can see an login page:

After login with the username admin and the password admin, we will get another flag:

Furthermore on the Change Log page for Version 1.3, that there was a vulnerability in the previous versions. The vulnerability allows downloading a backup file under /tmp.zip:

The zip-Archive contains a text file with another flag:

The Pay Wall

By right clicking on the paywall and choosing “Inspect Element” we can open the developer tools:

In the developer tools choose the div which displays the paywall. Next set the CSS display property of the element to “none”:

Finally you can read the article and get the flag:

Debugger

To inspect what is going on open the developer tools and navigate to the debugger tab. Then open the file “flash.min.js” and enable pretty printing:

On line 108 there is a call to a function called “remove”. This might be the function that removes the red box. You can now set a breakpoint on the function by clicking the line number. The breakpoint will stop the JavaScript interpreter when it is about to call the remove function:

Finally reload the page and you should see the flag:

Network

After that you should see that the web page will send a POST request. The response of the request contains the flag:

Passionate about Cyber Security. I am publishing CTF writeups and Cybersec content!