Pentester Academy HTML Injection Challenges Solved.

Challenge-16 HTML Injection 1

This was a simple one: just input "><h1>@exploitprotocol</h1><xss input=" in the Email field.



Challenge-17 - First I tried to insert "><h1>@exploitprotocol</h1><xss input=" in the Email and Password fields, but the values were being stripped, so I decided to comment out the remaining portion of the page instead.
So I inserted Email - "><h1>Vunerable<!--
                   Password - -->to+HTMLi<!--
and it worked.


Challenge 18 - In this one the web app analyses an uploaded binary file and shows the corresponding result. So I downloaded the file from the URL, used a hex editor to replace "This program cannot be run in DOS mode." with "<H1>Vunerable to HTMLi</H1>", and uploaded the file to Dropbox [https://dl.dropboxusercontent.com/s/h0wm9cgim85h4d2/update_2.exe?dl=1&token_hash=AAHpw2vISIXoJdTrSdHMeOt23X9TRKQMlVkqTxzOOZJIow]


Challenge-19 - This web app displays the metadata of a .jpg file. So I downloaded the image, changed its Software field using the PhotoME tool, then pasted the link and it worked.


Overall, all the challenges were pretty easy, and each injection had a different concept behind it.
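Challenges 16 to 19 all come down to the same server-side bug: a user-controlled string (a form field, a string carved out of an uploaded binary, an EXIF Software tag) is written into the page as-is. The following is an added example, not code from the challenges or from this writeup; the inputs are constructed from the payloads above, and it shows why the tag stripping met in challenge 17 fails against the "<!--" trick while output encoding does not.

```python
import html
import re

# Constructed inputs modelled on the writeups above: two form fields, the
# DOS-stub string carved out of an uploaded binary, and an EXIF Software tag.
CONSTRUCTED_FIELDS = {
    "email": '"><h1>Vunerable<!--',
    "password": '-->to+HTMLi<!--',
    "dos_stub": "<H1>Vunerable to HTMLi</H1>",
    "software": "<h1>@exploitprotocol</h1>",
}

TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(value: str) -> str:
    """The kind of denylist filter challenge 17 seemed to use: delete complete <...> tags."""
    return TAG_RE.sub("", value)


def render_row(name: str, value: str) -> str:
    return f"<tr><td>{name}</td><td>{value}</td></tr>"


def render_vulnerable(fields: dict) -> str:
    # Untrusted strings are written straight into the page, so any field that
    # carries markup (a form value, file metadata) becomes part of the document.
    return "".join(render_row(k, v) for k, v in fields.items())


def render_stripped(fields: dict) -> str:
    # Stripping complete tags is not enough: an unterminated "<!--" survives the
    # regex and comments out everything up to the "-->" placed in a later field.
    return "".join(render_row(k, strip_tags(v)) for k, v in fields.items())


def render_escaped(fields: dict) -> str:
    # Output encoding at the point of use: html.escape turns < > & " ' into
    # entities, so no value can open a tag, an attribute or a comment.
    return "".join(render_row(html.escape(k), html.escape(v)) for k, v in fields.items())


def leaks_markup(rendered: str) -> bool:
    """True if any attacker-controlled tag or comment delimiter reached the output."""
    return any(marker in rendered for marker in ("<h1>", "<H1>", "<!--", "-->"))
```

The same escaping has to be applied whatever the source of the string; the binary and EXIF variants only differ in where the metadata came from.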

Pentester Academy Web Application Challenge 10 Solution

First I intercepted the request using Burp Proxy.
The response said to set the session-id value to 1049. I requested the page many times, but it only ever responded with a session-id between 1000 and 1100.
So I used Burp Intruder with the session-id values from 1000 to 1100 as the payload, and finally I found

Pentester Academy Web Application Challenge 11 Solution

This challenge was one of the better ones I have seen on this site so far.
Below is the snip from when I first visited the page.
There is a cookie value here. When I forwarded the request, the response set the cookie fields s1, s2, s3, s4, s5 to some values, and when I requested the page again the s1 to s5 values changed to something else.
What I found is that only the first two digits of each s3 value differ from any other s3 value; the rest of the digits of s3 are always the same.

So I then used Burp Intruder with the first two digits of s3 as the payload.
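Both challenge 10 (session-ids confined to 1000-1100) and challenge 11 (s3 values that differ only in two digits) are the same weakness: a session token whose effective keyspace is tiny. The following is an added example, not part of this writeup, of the check a developer or reviewer can run over a sample of issued tokens to catch this before anyone reaches for Intruder; the token samples are constructed to match the descriptions above.

```python
import math
import secrets

# Constructed samples modelled on the writeups above: s3 cookie values that
# differ only in their first two digits, and session-ids drawn from 1000..1100.
CONSTRUCTED_S3 = ["4785632190", "5185632190", "2385632190", "9085632190", "1785632190"]
CONSTRUCTED_SESSION_IDS = ["1049", "1003", "1097", "1022", "1061"]


def varying_positions(tokens):
    """Character positions at which the sampled tokens are not all identical."""
    width = len(tokens[0])
    if any(len(t) != width for t in tokens):
        raise ValueError("this check assumes fixed-width tokens")
    return [i for i in range(width) if len({t[i] for t in tokens}) > 1]


def keyspace_upper_bound_bits(tokens, alphabet_size=10):
    """Generous upper bound on the token's entropy: every varying position is
    assumed to range over the whole alphabet, and a fixed position adds nothing.
    Constant digits, like the last eight digits of s3, are not secret at all."""
    return len(varying_positions(tokens)) * math.log2(alphabet_size)


def is_guessable(tokens, alphabet_size=10, min_bits=64):
    """Flag a token scheme whose keyspace is small enough to enumerate in a loop;
    64 bits of entropy is the floor in OWASP's session-management guidance."""
    return keyspace_upper_bound_bits(tokens, alphabet_size) < min_bits


def fresh_session_token() -> str:
    """What the server should hand out instead: 128 bits from the OS CSPRNG."""
    return secrets.token_hex(16)
```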

Pentester Academy Web Application Challenge 13 Solution

First I downloaded the pcap file, then using tcpxtract I extracted all the files from pass.pcap.
What I found is a 00000018.zip file which is password protected.
To crack that file I wrote a Python script to create all possible combinations of passwords.

It will create a password.txt file.
Now cracking 00000018.zip using the fcrackzip tool:
 fcrackzip -D -p password.txt -u 00000018.zip
The password for the file is abc132.
Now it will create a file pass

Pentester Academy Web Application Challenge 8 Solution

When I first opened the page there was no kind of login or authorization, so I intercepted the request using Burp Proxy and found a cookie with a user_id field that looked base64-encoded, so I decided to decode it.
It decoded to MA==, so I decoded it once more.
The final value was 0. So I thought: if 0 is the user_id value for Guest, why not try 1 as the value? So I encoded 1, encoded the result again, and finally modified the request using Burp Proxy.
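Double base64 is encoding, not protection: the cookie is readable and writable by whoever holds it, which is exactly the edit above. The following is an added example, not the challenge's code, contrasting that scheme with a cookie that carries an HMAC tag under a server-side key; the key is a constructed placeholder, and substitute_user_id only repeats the writeup's edit to show the verifier rejecting it.

```python
import base64
import hashlib
import hmac

# Constructed server-side key for the example; a real deployment loads a
# random 32-byte key from its secrets store, never from source code.
CONSTRUCTED_KEY = b"constructed-example-key-not-for-production"


def encode_cookie_unsigned(user_id: int) -> str:
    """The challenge-8 scheme: the numeric id, base64-encoded twice.
    Encoding is reversible by anyone, so it offers no integrity at all."""
    once = base64.b64encode(str(user_id).encode()).decode()
    return base64.b64encode(once.encode()).decode()


def decode_cookie_unsigned(cookie: str) -> int:
    return int(base64.b64decode(base64.b64decode(cookie)).decode())


def issue_cookie(user_id: int, key: bytes = CONSTRUCTED_KEY) -> str:
    """Hardened form: the id travels with an HMAC-SHA256 tag computed under a
    server-only key, so a client can read it but cannot change it unnoticed."""
    payload = str(user_id)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(f"{payload}.{tag}".encode()).decode()


def verify_cookie(cookie: str, key: bytes = CONSTRUCTED_KEY):
    """Return the user id if the tag checks out, otherwise None (treat as guest)."""
    try:
        token = base64.urlsafe_b64decode(cookie.encode()).decode("ascii")
    except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
        return None
    payload, sep, tag = token.partition(".")
    if not sep or not payload.isdigit():
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return int(payload)


def substitute_user_id(cookie: str, new_user_id: int) -> str:
    """Repeat the writeup's edit (swap the id, keep everything else) against a
    signed cookie; used only to show that verify_cookie rejects the result."""
    token = base64.urlsafe_b64decode(cookie.encode()).decode("ascii")
    _, _, tag = token.partition(".")
    return base64.urlsafe_b64encode(f"{new_user_id}.{tag}".encode()).decode()
```

Signing stops tampering but not reading; if the id itself is sensitive, store it server-side and hand out only an opaque session token.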

Pentester Academy Web Application Challenge 3 Solution

This is a very simple kind of challenge with basic authorization. It uses the POST method to send the request with an Authorization header.

Here is my Python code for the above challenge:


Pentester Academy Web Application Challenge 2 Solution


In this challenge there is initially a login form in which we have to enter a username (name + "@pentesteracademy.com") and a password, and in the next step there is basic authorization in which we have to enter the same username and password.
But when I tried to use Burp Intruder with three different payload positions (username, password, and the basic authorization of username and password) it failed.
So I used Burp Repeater and tried the OPTIONS method instead of GET. It responded that the method is not allowed; only the GET and HEAD methods are allowed.

So that means if I request with the HEAD method with all combinations of username and password, I will get the authorized page.
Here is my Python script for this particular challenge:


Pentester Academy Web Application Challenge 1 Solution


As I have got some holidays, I thought I would do something interesting, so why not solve the Pentester Academy Web Application Challenges. Here I am starting from the first challenge.
I captured the login request using Burp with a random username and password, as shown above.
As it is a form-based login, we only have to iterate over the password field; the username has only two possibilities, jack and admin.

Here is my Python code for the above problem:

It is a fairly simple piece of code. But for those who do not have knowledge of the Python urllib2 library, I have another solution for you.
You can intercept the request using Burp, send the request to Burp Intruder and apply the payload only to the password.

Then create and load a password list in the payload option and start the attack.
And you will find Email - admin@pentesteracademy.com, Password - zzzxy
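Challenges 1, 2 and 3 are all password guessing against a login, and challenge 2 adds that the guesses can arrive as HEAD rather than GET. From the server side, the footprint is a burst of 401s for one path from one address, followed by a 200. The following is an added example, not part of this writeup, of detection logic run over constructed access-log lines in Apache combined style; the /login path and the addresses are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines modelled on the writeups: repeated 401s for the
# two candidate users from one address, HEAD as well as GET, then a 200 on a hit.
CONSTRUCTED_LOG = """\
203.0.113.7 - admin [10/Oct/2023:10:00:01 +0000] "GET /login HTTP/1.1" 401 381
203.0.113.7 - admin [10/Oct/2023:10:00:01 +0000] "HEAD /login HTTP/1.1" 401 -
203.0.113.7 - jack [10/Oct/2023:10:00:02 +0000] "GET /login HTTP/1.1" 401 381
203.0.113.7 - admin [10/Oct/2023:10:00:02 +0000] "GET /login HTTP/1.1" 401 381
203.0.113.7 - admin [10/Oct/2023:10:00:03 +0000] "HEAD /login HTTP/1.1" 401 -
203.0.113.7 - admin [10/Oct/2023:10:00:03 +0000] "GET /login HTTP/1.1" 401 381
203.0.113.7 - admin [10/Oct/2023:10:00:04 +0000] "GET /login HTTP/1.1" 200 1532
198.51.100.2 - jack [10/Oct/2023:10:00:05 +0000] "GET /login HTTP/1.1" 401 381
"""
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line: str):
    """One log line -> dict with parsed timestamp and integer status, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev

def find_bruteforce(log_text: str, window_seconds: int = 60, threshold: int = 5) -> dict:
    """Flag (ip, path) pairs with >= threshold 401s inside any window_seconds span.
    Every method counts (HEAD included); a 200 after the run means a guess worked."""
    by_target = defaultdict(list)
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        by_target[(ev["ip"], ev["path"])].append(ev)
    alerts = {}
    for target, events in by_target.items():
        events.sort(key=lambda e: e["ts"])
        failures = [e["ts"] for e in events if e["status"] == 401]
        peak = start = 0
        for end, ts in enumerate(failures):  # sliding window over failure times
            while (ts - failures[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            won = any(e["status"] == 200 and e["ts"] >= failures[-1] for e in events)
            alerts[target] = {"failures_in_window": peak, "success_after_failures": won}
    return alerts
```

Counting by (ip, path) rather than by username is deliberate: the writeup alternates between jack and admin, so a per-user threshold would be reached later or not at all.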