https://tryhackme.com/room/owasptop10

TryHackMe — OWASP Top 10 — Authentication

Broken Authentication is one of the OWASP Top 10 vulnerability categories, and this blog serves as a walkthrough of the TryHackMe OWASP Top 10 lab, which provides insight into this specific vulnerability and how it is exploited.

What is Authentication as it relates to OWASP?


Broken Authentication Practical

To see this in action, go to http://IPADDRESS:8888 and try to register the username darren; you’ll see that the user already exists. Then try to register the user " darren" (with a space before the name) and you’ll see that you are now logged in and able to see the content present only in Darren’s account, which in our case is the flag that you need to retrieve.

I will now attempt to register _darren (with a space before it) as the username, along with the other required credentials that I will create… The user _darren is created.

Log in with the credentials just created and be sure to include the space before the username to retrieve the flag…

This allowed me to log in and access the previously registered darren’s account despite not having any of his credentials to do so.
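The flaw behind this walkthrough is a mismatch between how the username is checked at registration and how it is used after login. The following is an added example, not code from the TryHackMe room or from this blog: it models that mismatch as a small Python store (the exact server-side mechanism in the room is assumed, not taken from the page) and places a hardened version beside it. The user names, passwords and flag strings are constructed placeholders.

```python
import unicodedata

# Constructed sample data: accounts that already exist, and the private
# content a successful login reveals (placeholder flags, not the room's).
USERS = {"darren": "darren-secret", "arthur": "arthur-secret"}
PRIVATE_CONTENT = {
    "darren": "FLAG{darren-placeholder}",
    "arthur": "FLAG{arthur-placeholder}",
}


def canonical(username: str) -> str:
    """One canonical form used for every uniqueness check and lookup:
    Unicode-normalised, case-folded, surrounding whitespace removed."""
    return unicodedata.normalize("NFKC", username).casefold().strip()


class VulnerableAuth:
    """Assumed model of the flaw: uniqueness is checked on the raw string,
    but the content shown after login is fetched by the trimmed name."""

    def __init__(self) -> None:
        self.users = dict(USERS)            # username -> password
        self.content = dict(PRIVATE_CONTENT)  # username -> private content

    def register(self, username: str, password: str) -> bool:
        # " darren" is not equal to "darren", so the check passes.
        if username in self.users:
            return False
        self.users[username] = password
        return True

    def login(self, username: str, password: str):
        if self.users.get(username) != password:
            return None
        # The defect: the record rendered for the session is looked up by the
        # trimmed name, so " darren" is shown darren's content.
        return self.content.get(username.strip(), "")


class HardenedAuth:
    """Same store, with the username validated once and canonicalised
    consistently before both the uniqueness check and every lookup."""

    def __init__(self) -> None:
        self.users = {canonical(u): p for u, p in USERS.items()}
        self.content = {canonical(u): c for u, c in PRIVATE_CONTENT.items()}

    def register(self, username: str, password: str) -> bool:
        # Reject empty names, names with surrounding whitespace, and names
        # containing any whitespace at all, so stored == typed.
        if not username or username != username.strip():
            return False
        if any(ch.isspace() for ch in username):
            return False
        name = canonical(username)
        # Uniqueness is decided on the canonical form, so "Darren" and
        # "darren" collide as well.
        if name in self.users:
            return False
        self.users[name] = password
        self.content[name] = ""
        return True

    def login(self, username: str, password: str):
        name = canonical(username)
        # Without darren's password, no variant of his name authenticates.
        if self.users.get(name) != password:
            return None
        return self.content.get(name)


if __name__ == "__main__":
    v = VulnerableAuth()
    print("vulnerable register ' darren':", v.register(" darren", "pw"))
    print("vulnerable login ' darren'   :", v.login(" darren", "pw"))
    h = HardenedAuth()
    print("hardened register ' darren'  :", h.register(" darren", "pw"))
    print("hardened login ' darren'     :", h.login(" darren", "pw"))
```

The two classes share the same data; the only difference is that the hardened version validates the raw username once and then uses `canonical()` for every comparison, so the registration check and the post-login lookup can never disagree about which account a name refers to.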

What is the flag that you found in darren’s account?

  • fe86079416a21a3c99937fxa8874b667

What is the flag that you found in arthur’s account?

  • d9ac0f7db4fda460ac3xdeb75d75e16e

Katjah Smith👩🏽‍💻

I'm here to write about my experiences and all that I am learning while exploring the fascinating world of tech and cybersecurity. Follow my blog.