“Defend The Web” Intro 6 | Intro 7 | Intro 8 | Intro 9 | Intro 10 Walkthrough [Part 2]

Hello Hackers,

Let’s read some Cybersecurity Blogs

Today we will solve the next intro levels, 6 to 10. In every blog we will complete a few challenges from Defend the Web. I personally recommend that you work through Defend the Web; it really shows your knowledge of the cybersecurity domain.

INTRO 6 :

Here the task is to submit a username that is not available in the selection list. Take your time and think about it.

You have two options: the first is to edit that selection list using Inspect Element, and the second is to use Burp Suite and change the username parameter. I have followed the first procedure.

Here we can see the listed usernames. Our job is to edit this list and add one more username, named “cum2soon”. You might get a different username, so don’t just copy things; understand the concepts.

I have added the username “cum2soon”. Close Inspect Element, and when you go to select a username you will find one more username in the list!!! Select that and hit Enter with your full power, because you are done with this challenge. It works because the list restricts the choice only in the browser; the server accepts a value the list never offered.

INTRO 7 :

This challenge is related to search engine bots. Whenever we want a particular part of our website not to show up when anyone searches for it, we include that endpoint in the robots.txt file. This asks bots not to visit these pages; the file itself is public, so anyone can read it and open the paths it lists.

Here you can see that this endpoint is hidden from every search engine bot. The clue that points to the robots.txt file is on the front page, which says that search engines have been excluded…

With that we can complete this challenge, as we have got the username and password.

INTRO 8 :

Here, they want us to do a source code review and deal with some cryptography.

We need to look at the source code, where we will find something interesting that will lead us to the username and password.

We found one endpoint. Now we need to open it, and once we have, we will get some encoded data that we need to decode.

This is binary encoding rather than real encryption; you can decode it using an online binary-to-text decoder. After decoding you will get a username and password…

INTRO 9 :

This is an interesting challenge, where we need to deal with the reset-password functionality.

When you go through the source code of this page, you will find an email named “admin”. Enter that email and submit the Reset Password form, making sure you are intercepting the requests with Burp Suite at that moment.

Once you have intercepted the request, change both email parameters to any different email ID and forward the request.

This is the vulnerable point. Sometimes in real-life scenarios an attacker adds one more email ID alongside the victim’s email ID, and then the password reset link or OTP is sent to both emails.

Once you forward the request after editing the email parameters, you will find the username and password here, and we are done with this challenge.
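The flaw described for Intro 9, next to a hardened version, as an added example that is not code from the challenge or from the original post. The parameter name `email`, the `ACCOUNTS` store and the request bodies are constructed assumptions; the hardened handler accepts exactly one address and mails only the address stored for that account.

```python
import re
from urllib.parse import parse_qs

# Constructed account store (assumption): lower-cased login email -> address on file.
ACCOUNTS = {"admin@example.test": "admin@example.test"}

# Exactly one mailbox: no commas, semicolons, angle brackets or whitespace (CR/LF included).
SINGLE_ADDRESS = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+")


def vulnerable_recipients(body: str) -> list[str]:
    """Trusts the request: every address the client sends receives the reset mail."""
    recipients = []
    for value in parse_qs(body).get("email", []):
        recipients.extend(part.strip() for part in value.split(","))
    return recipients


def hardened_recipients(body: str) -> list[str]:
    """Uses the request only to find the account, then mails the address on file."""
    values = parse_qs(body, keep_blank_values=True).get("email", [])
    if len(values) != 1:  # missing or repeated "email" parameter
        return []
    candidate = values[0].strip().lower()
    if not SINGLE_ADDRESS.fullmatch(candidate):  # "a@x,b@y", header injection, junk
        return []
    on_file = ACCOUNTS.get(candidate)
    # Unknown address: send nothing, and answer the client exactly as for a known one.
    return [on_file] if on_file else []


# Constructed request bodies, as they could look after editing in an intercepting proxy.
SAMPLES = {
    "untouched": "email=admin%40example.test",
    "replaced": "email=someone%40example.net",
    "repeated": "email=admin%40example.test&email=someone%40example.net",
    "comma list": "email=admin%40example.test%2Csomeone%40example.net",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:10} vulnerable={vulnerable_recipients(body)} "
              f"hardened={hardened_recipients(body)}")
```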

INTRO 10 :

This challenge is about JavaScript, and in it we will use the console of Inspect Element.

First, after seeing the JavaScript, I moved to the source code and found a very interesting thing at the end of it, written in JavaScript syntax.

This looked like something, and I quickly remembered that I can use the Inspect Element console to decode this!!!!!

Hurray!!!!!!! We got the password and we are done with this challenge…

That’s it for today, and it is time to say bye. See you all in my next blog…

Happy Hacking!!!
