CySCA 2015 - Web Application Pentest 6 - Terminal Situation

Note: If you're interested in actually doing these challenges, check out this post on how to get the environment set up.

It’s no coincidence this challenge is called Terminal Situation: we have a terminal sitting right in front of us.


CySCA 2015 - Web Application Pentest 5 - Turn it On & Off Again


As an executive, we notice we’ve got some additional functionality. We notice another menu item “IT Support” and the “Executive Board” option on the home page.


CySCA 2015 - Web Application Pentest 4 - Business Excellence


We need to gain access to the CVO (Angelina’s) account. In order to do this, we will most likely need to steal a cookie. We take a look in the leave details section and put in a leave request to see if it’s XSS protected. Additionally, we notice that the session cookie on this website is not HttpOnly. Time to steal.

The browser prevents JavaScript from accessing HttpOnly cookies; hence, if the cookie were HttpOnly, we would be looking in the wrong place.

We do the naive thing and just put <h1>Hello</h1> in. However, the ticker spits out “WARNING: XSS detected! You have been reported.” Additionally, it appears the XSS is stripped client side too.


CySCA 2015 - Web Application Pentest 3 - Love Letters


Now that we’re logged in, let’s take a poke around and see what we’re dealing with. There appear to be sections to:

  • Apply for leave, where we submit a text request. Maybe XSS or Injection on this?
  • Staff Directory, details about different staff members.
    • The “Network Administrator” has some binary in his profile. We’ll decode that later.
  • There seems to also be a message board. Maybe XSS or Injection.
  • There’s also a mail inbox.

CySCA 2015 - Web Application Pentest 2 - The Eagle Has Landed


We need to obtain a working account on the system.

We register with the following details:

Name: Nick
Email: [email protected]
Password: nick
Confirm: nick
Secret Q: q
Secret A: a

We notice a message at the top:

Account Registered - Awaiting IT approval.
