Project 8 - Pentesting Live Targets
Time spent: 5 hours in total
Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.
The six possible exploits are:
- Username Enumeration
- Insecure Direct Object Reference (IDOR)
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Session Hijacking/Fixation
Each version of the site has been given two of the six vulnerabilities. (In other words, all six of the exploits should be assignable to one of the sites.)
Login with:
username: pperson
password: StaR!49*whiz
Blue
Vulnerability #1: SQL Injection
Use this SQL injection:
' OR SLEEP(3)=0--'
Vulnerability #2: Session Hijacking/Fixation
Use this URL: /public/hacktools/change_session_id.php. One blue session will be in one browser, the other session will be in another browser. Chrome is on the right and Edge is on the left. The two browsers will have different cookies. We can do this on the same browser, but we must delete all cookies to steal the session. I logged in with the Chrome browser and went to the URL, which has a PHP script to give us the session ID. I then used that session ID to log into the Edge browser, successfully stealing the session.
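A defensive counterpart to the session theft described above, as an added example that is not Globitek's own code: a PHP login flow that refuses session IDs the server did not issue, rotates the ID at login, and rejects a session replayed from a different browser. The function names and `$_SESSION` keys are hypothetical, and the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example: hardened session handling for a PHP login flow.
// start_secure_session(), log_in_user(), session_is_valid() and the
// $_SESSION keys are hypothetical names, not Globitek's own code.

function start_secure_session(): void
{
    // Refuse session IDs the server did not generate (blocks fixation
    // through a planted cookie) and never accept IDs from the URL.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    session_set_cookie_params([
        'lifetime' => 0,         // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,      // only sent over HTTPS
        'httponly' => true,      // not readable from JavaScript (limits XSS theft)
        'samesite' => 'Strict',  // not attached to cross-site requests
    ]);
    session_start();
}

function log_in_user(int $user_id): void
{
    // Issue a new ID at the privilege change; `true` deletes the old
    // session data, so an ID known before login becomes useless.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $user_id;
    $_SESSION['last_login'] = time();
    $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'] ?? '';
}

function session_is_valid(int $max_age = 86400): bool
{
    if (!isset($_SESSION['user_id'], $_SESSION['last_login'], $_SESSION['user_agent'])) {
        return false;
    }
    // Expire old logins so a copied ID has a limited lifetime.
    if ($_SESSION['last_login'] + $max_age < time()) {
        return false;
    }
    // An ID copied from Chrome into Edge arrives with a different
    // User-Agent and is rejected. The header can be forged, so this
    // only raises the bar; the cookie flags above do the main work.
    return hash_equals($_SESSION['user_agent'], $_SERVER['HTTP_USER_AGENT'] ?? '');
}
```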
Green
Vulnerability #1: Username Enumeration
Vulnerability #2: Cross-Site Scripting (XSS)
Use this JavaScript code to make an alert:
<script>alert('found this');</script>
Red
Vulnerability #1: Cross-Site Request Forgery (CSRF)
Vulnerability #2: Insecure Direct Object Reference (IDOR)