TryHackMe (Task 7) Broken Authentication Practical {OWASP walk-through}
Hello hackers!
In this story, we’ll be looking at a logic flaw within the authentication mechanism. Developers often forget to sanitize the input (username and password) that users submit, which can leave their application vulnerable to attacks like SQL injection. Here, however, we are going to focus on a vulnerability that also comes from a developer’s mistake but is very easy to exploit, i.e. re-registration of an existing user.
Let’s understand this with an example. Say there is an existing user with the name admin, and we want to get access to their account. What we can do is try to re-register that username with a slight modification: we enter “ admin” (notice the space at the start). When you enter that in the username field, fill in the other required information such as email ID or password, and submit, the application actually registers a new user, but that user has the same rights as the normal admin. The new user will also be able to see all the content presented under the user admin.
To see this in action, go to http://10.10.147.50:8888 and try to register the username darren. You’ll see that the user already exists, so then try to register the user “ darren”. You’ll see that you are now logged in and able to see the content present only in darren’s account, which in our case is the flag that you need to retrieve.
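Why the padded name works, and how to close the gap, as an added example (not code from the TryHackMe application). It assumes the flaw is that registration checks uniqueness on the raw string while account content is looked up on the trimmed name; the class and function names are hypothetical and the sample data is constructed.

```python
import unicodedata

class VulnerableApp:
    """Assumed flaw: uniqueness is checked on the raw string,
    while account content is looked up on the trimmed name."""
    def __init__(self):
        self.users = {}    # username -> password (plaintext only to keep this short)
        self.content = {}  # account name -> private data

    def register(self, username, password):
        if username in self.users:       # exact match: " darren" != "darren"
            return False
        self.users[username] = password
        return True

    def login(self, username, password):
        if self.users.get(username) != password:
            return None
        return self.content.get(username.strip())  # trimmed here, not at signup

def canonical(username):
    """Single canonical form used for every comparison and lookup."""
    return unicodedata.normalize("NFKC", username).strip().casefold()

class HardenedApp(VulnerableApp):
    def register(self, username, password):
        if username != username.strip():
            return False                 # reject padded names outright
        key = canonical(username)
        if not key or key in self.users:
            return False                 # empty or already taken
        self.users[key] = password
        return True

    def login(self, username, password):
        key = canonical(username)
        if key not in self.users or self.users[key] != password:
            return None
        return self.content.get(key)

def demo(app_cls):
    """Replays the walkthrough's steps against one implementation."""
    app = app_cls()
    app.register("darren", "owner-pw")            # constructed sample account
    app.content["darren"] = "darren-private-notes"
    accepted = app.register(" darren", "other-pw")
    return accepted, app.login(" darren", "other-pw")
```

`demo(VulnerableApp)` returns the existing account's data for the padded name, while `demo(HardenedApp)` refuses the registration and the login.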
#1 What is the flag that you found in darren’s account?
We can visit the website http://MACHINE_IP:8888.
I’m trying to register as “darren”.
There was already one such registration.
I’m leaving a space at the beginning of the word darren.
I’m signing in as a member.
Success!
We found the flag!!
ans : fe86079416a21a3c99937fea8874b667
#2 Now try to do the same trick and see if you can log in as arthur.
#3 What is the flag that you found in arthur’s account?
ans : d9ac0f7db4fda460ac3edeb75d75e16e
Broken Authentication and Command Injection, done and dusted!
I’ll be doing Sensitive Data Exposure, XML External Entity, Broken Access Control, and Security Misconfiguration tomorrow.
This box was really fun! I love the ones that have a story/theme that goes along with them.
Hope you guys enjoyed this tutorial, let me know if you try this out. Follow me for more projects like this and come hang out with me on Instagram: @razrexe
Stay curious!!