- Cyber-Edge
- Jul 14, 2020
Daily Schedule
The challenges, all of which align with the OWASP Top 10, break down by day as follows:
- Day 1) Injection
- Day 2) Broken Authentication
- Day 3) Sensitive Data Exposure
- Day 4) XML External Entity
- Day 5) Broken Access Control
- Day 6) Security Misconfiguration
- Day 7) Cross-site Scripting
- Day 8) Insecure Deserialization
- Day 9) Components with Known Vulnerabilities
- Day 10) Insufficient Logging & Monitoring

This room is a good theoretical refresher on some penetration-testing-related questions. Let's get started.
To complete the questions below, navigate to http://<machine-ip>/evilshell.php
[Day 1] Command Injection Practical
#1 What strange text file is in the website root directory?
ANSWER: Use the "ls" command to list the website directory; the strange txt file shows up in the listing.

#2 How many non-root/non-service/non-daemon users are there?
ANSWER: Use the "cd" command to traverse the directories and list the users on the system.

#3 What user is this app running as?
ANSWER: Use the "id" command to get the user.

#4 What is the user's shell set as?
ANSWER: Use the "getent" command, which helps the user get the entries in a number of important text files.
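
Questions #2 and #4 both come down to reading passwd-format entries, so here is an added example (not part of the original write-up or the room) that filters such entries for regular accounts and looks up a login shell. The sample entries are constructed and do not reveal the room's answers; the UID range is an assumption taken from Ubuntu's default `login.defs` values.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (the format `getent passwd` prints).
# These entries are illustrative, not the room's real accounts.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
svc-backup:x:1002:1002::/home/svc-backup:/bin/false'

# Assumed UID range for regular accounts (Ubuntu login.defs defaults).
UID_MIN=1000
UID_MAX=60000

# human_users: read passwd-format lines on stdin and print the login names
# that are not root, not system/daemon accounts (UID outside the range),
# and not service accounts pinned to a nologin/false shell.
human_users() {
    awk -F: -v min="$UID_MIN" -v max="$UID_MAX" '
        NF != 7                         { next }  # malformed entry
        $3 !~ /^[0-9]+$/                { next }  # UID must be numeric
        $3 + 0 < min + 0                { next }  # root and system accounts
        $3 + 0 > max + 0                { next }  # e.g. nobody (65534)
        $7 ~ "/(nologin|false)$"        { next }  # no interactive shell
        { print $1 }'
}

# count_human_users: how many accounts human_users would list.
count_human_users() {
    human_users | awk 'END { print NR }'
}

# shell_of USER: print the login shell (7th field) of USER.
shell_of() {
    awk -F: -v user="$1" '$1 == user { print $7; exit }'
}

# Demo on the constructed sample; on a live host use: getent passwd | human_users
printf '%s\n' "$SAMPLE_PASSWD" | human_users
printf '%s\n' "$SAMPLE_PASSWD" | shell_of www-data
```
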

#5 What version of Ubuntu is running?
ANSWER: To find the version of the OS, find the issue.net file and print it.

#6 Print out the MOTD. What favorite beverage is shown?
ANSWER: Go to the motd.d file and try to print it out; if you cannot find the word, then use "00-header" (hint in TryHackMe) at the end of the command to print the specific header file.
