Hackademia Challenge 001

This is an old hacking lab game.

Summary Steps
1. View the source code of the page to find hints.
2. Use the Burp Suite proxy.
3. Add the root to the scope, then spider the site.

This is the company's login page. It gives no information, and there are no dynamic variables on the page.

View the source code of the login page to find hints; it does contain something that is not visible on the front page.

Highlight the entire page and the username and password appear. They are actually in the source code; highlighting the entire page just confirms them.
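From the page owner's side, this kind of leak can be caught before publishing. The following is an added example, not part of the original lab or post: it assumes the credentials were hidden by giving the text the same colour as the page background through inline attributes, and it also lists HTML comments, since both are visible to anyone who views the source. The sample markup and the names `HiddenTextAuditor` and `audit` are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed sample (assumed markup, not the lab's real page).
SAMPLE = """<html><body bgcolor="#000000">
<font color="#00ff00">Company login</font>
<!-- TODO remove test account before launch -->
<font color="#000000">user: demo_user pass: demo_pass</font>
<form method="post"><input name="u"><input name="p" type="password"></form>
</body></html>"""

VOID = {"input", "br", "img", "meta", "link", "hr"}  # tags with no end tag

def _norm(c):
    return c.strip().lower() if c else None

class HiddenTextAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.bg = "#ffffff"                 # assumed default page background
        self.stack = [("root", "#000000")]  # (tag, effective text colour)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = a.get("style") or ""
        if tag == "body":
            m = re.search(r"background(?:-color)?\s*:\s*([^;]+)", style)
            self.bg = _norm(m.group(1) if m else a.get("bgcolor")) or self.bg
        m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style)
        fg = _norm(m.group(1) if m else a.get("color") or a.get("text"))
        if tag not in VOID:                 # children inherit the text colour
            self.stack.append((tag, fg or self.stack[-1][1]))

    def handle_endtag(self, tag):
        if len(self.stack) > 1 and self.stack[-1][0] == tag:
            self.stack.pop()

    def handle_data(self, data):
        # Flag non-empty text whose colour string equals the background's.
        if data.strip() and self.stack[-1][1] == self.bg:
            self.findings.append(("invisible-text", data.strip()))

    def handle_comment(self, data):
        self.findings.append(("comment", data.strip()))

def audit(html):
    p = HiddenTextAuditor()
    p.feed(html)
    p.close()
    return p.findings
```

Colours are compared as literal strings, so `black` and `#000000` are treated as different; stylesheet rules are not evaluated.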

The main page contains no variables to test for injection, and the form has no XSS or SQL injection vulnerability…

Use the Burp Suite proxy with intercept turned off. The pages you visit are recorded in Burp Suite; this is known as a passive scan.

Add the document root to the scope so that it can be spidered.

Spider the site from the “/” document root to get more information.

A directory named “secret_area_” contains a text file named “mails.txt”, which holds a list of emails. Jason Killer is the agent you need to find and send an email to.

Go to Central Communication Email to send an email to Jason Killer.

The challenge is completed.
