https://tryhackme.com/room/owasptop10

TryHackMe — OWASP Top 10 — Authentication

Broken Authentication is one of the OWASP Top 10 vulnerabilities, and this post is a walkthrough of the Broken Authentication task in the TryHackMe OWASP Top 10 room, which gives insight into this specific vulnerability and how it is exploited.

What is Authentication as it relates to OWASP?


Broken Authentication Practical

To see this in action, go to http://IPADDRESS:8888 and try to register the username darren. You'll see that the user already exists, so then try to register the username " darren" (with a space in front of it). You'll see that you are now logged in and can see the content present only in Darren's account, which in our case is the flag that you need to retrieve.

I will now attempt to register _darren (with a space before it) as the username, together with the other required credentials that I will create… The user _darren is created.

Log in with the credentials just created, making sure to include the space before the username, to retrieve the flag…

This allowed me to log in and access the previously registered darren’s account despite not having any of his credentials to do so.
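The lab works because the application applies two different rules to the same username: registration compares the raw string (so " darren" is "new"), while the page that serves the account's content normalises the name and so resolves " darren" to darren. The following is an added example written for this walkthrough, not code from TryHackMe or the lab application; it models that mismatch with a small in-memory user store and shows the fix next to it, which is to run every username through one canonicalisation function at every boundary (registration, login and lookup). The account names, passwords and the placeholder flag value are constructed for the example.

```python
import re

# Constructed sample data: one pre-existing account whose private content stands
# in for the lab's flag. The value is a placeholder, not the real flag.
EXISTING_USERS = {
    "darren": {"password": "darrens-secret-password",
               "content": "FLAG{placeholder-for-darrens-flag}"},
}


class VulnerableAuth:
    """Models the lab's bug: registration compares the raw username, but the
    account page strips the session username before looking the record up."""

    def __init__(self, seed):
        self.users = {name: dict(rec) for name, rec in seed.items()}

    def register(self, username, password):
        if username in self.users:            # exact match: " darren" != "darren"
            return False
        self.users[username] = {"password": password, "content": None}
        return True

    def login(self, username, password):
        rec = self.users.get(username)
        if rec is None or rec["password"] != password:
            return None
        return username                        # the raw string becomes the session identity

    def account_content(self, session_user):
        # The content lookup strips whitespace, so " darren" resolves to "darren".
        return self.users[session_user.strip()]["content"]


USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def canonical_username(raw):
    """The single normalisation rule used everywhere: trim, lowercase, then
    reject anything outside a strict allowlist."""
    name = raw.strip().lower()
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("username must be 3-32 characters of [a-z0-9_]")
    return name


class HardenedAuth:
    """Same store, but every username passes through canonical_username() first,
    so the registration check, the login lookup and the content lookup all agree."""

    def __init__(self, seed):
        self.users = {canonical_username(n): dict(rec) for n, rec in seed.items()}

    def register(self, username, password):
        name = canonical_username(username)
        if name in self.users:                 # " darren" canonicalises to "darren": taken
            return False
        self.users[name] = {"password": password, "content": None}
        return True

    def login(self, username, password):
        name = canonical_username(username)
        rec = self.users.get(name)
        if rec is None or rec["password"] != password:
            return None
        return name                            # the canonical form becomes the session identity

    def account_content(self, session_user):
        return self.users[session_user]["content"]   # no second, different normalisation


def vulnerable_flow():
    """Registers ' darren', logs in with the new password, reads the account page."""
    app = VulnerableAuth(EXISTING_USERS)
    registered = app.register(" darren", "new-password")
    session = app.login(" darren", "new-password")
    return registered, app.account_content(session)


def hardened_flow():
    """Same steps against the hardened store: registration is refused because the
    canonical name already exists, and login fails because it now checks darren's
    real password."""
    app = HardenedAuth(EXISTING_USERS)
    registered = app.register(" darren", "new-password")
    session = app.login(" darren", "new-password")
    return registered, session


if __name__ == "__main__":
    print("vulnerable:", vulnerable_flow())   # (True, 'FLAG{placeholder-for-darrens-flag}')
    print("hardened:  ", hardened_flow())     # (False, None)
```

The important design choice is that `canonical_username()` is the only place a username is ever transformed; the lookups never strip or lowercase on their own. An equally valid alternative is to reject any username containing whitespace outright at registration, but the defect the lab demonstrates is the disagreement between two code paths, which consistent canonicalisation removes regardless of which characters are allowed.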

What is the flag that you found in darren’s account?

  • fe86079416a21a3c99937fxa8874b667

What is the flag that you found in arthur’s account?

  • d9ac0f7db4fda460ac3xdeb75d75e16e

Katjah Smith👩🏽‍💻

I'm here to write about my experiences and all that I am learning while exploring the fascinating world of tech and cybersecurity. Follow my blog.