CompTIA Pentest Challenge 1: Super Basic Web App Testing Writeup
I'm doing the CompTIA Pentest challenge and figured I'd document my solution for the first challenge. The challenge was very basic but I've never done a write-up before so baby steps.
Basically there's a vulnerable machine and you have to find the password to get into the back-end. They provide you with the IP as a start.
First I used nmap on the IP.
There's an open HTTP port so it's a web server. Let's try dirb to get some info.
Ah, web crawler page, cool. Let's check out the page to see if we can find anything interesting.
A page called hr_expenses.html that's disallowed from display, looks like we're on the right track. Let's have a look at the page.
Looks pretty shitty! Let's open the developer tools and check it out.
There's the password!
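A defender-side check for the two weaknesses this walkthrough relies on, added as an example and not part of the original post: the crawler file naming a sensitive page, and a credential left in that page's client-side source. It assumes the crawler file is robots.txt and that the credential sits in an HTML comment or inline script; the sample inputs and the names `SourceScanner`, `disallowed_paths` and `audit` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample inputs; nothing here comes from the challenge machine.
ROBOTS_TXT = "User-agent: *\nDisallow: /hr_expenses.html\nDisallow: /images/\n"
PAGES = {
    "/hr_expenses.html": """<html><body>
<!-- TODO remove: admin password = Example123! -->
<form onsubmit="return check()"><input id="pw" type="password"></form>
<script>function check(){ var secret = "Example123!"; return pw.value == secret; }</script>
</body></html>""",
}
# Credential-like assignment: keyword, then ':' or '=', then a value.
SECRET_RE = re.compile(r"(?i)\b(pass(?:word|wd)?|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*\S+")

class SourceScanner(HTMLParser):
    """Records (location, keyword) for comments and inline scripts, never the value."""
    def __init__(self):
        super().__init__()
        self.in_script, self.hits = False, []
    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_comment(self, data):
        self._scan("comment", data)
    def handle_data(self, data):
        if self.in_script:
            self._scan("script", data)
    def _scan(self, where, text):
        self.hits += [(where, m.group(1).lower()) for m in SECRET_RE.finditer(text)]

def disallowed_paths(robots_txt):
    """Disallow values; anyone who fetches the file can read every one of them."""
    rules = (line.split("#", 1)[0].partition(":") for line in robots_txt.splitlines())
    return [v.strip() for f, _, v in rules if f.strip().lower() == "disallow" and v.strip()]

def audit(robots_txt, pages):
    """Map each disallowed page we hold source for to its findings."""
    report = {}
    for path in disallowed_paths(robots_txt):
        if path in pages:
            scanner = SourceScanner()
            scanner.feed(pages[path])
            scanner.close()
            report[path] = scanner.hits
    return report

if __name__ == "__main__":
    print(audit(ROBOTS_TXT, PAGES))
```

Any finding here means the page needs server-side authentication; removing the robots.txt entry alone leaves the credential in the source.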