Security Misconfiguration

Difficulty:
Direct link: TryHackMe - OWASP

Objective

Task 19

Hack into the webapp, and find the flag!

Hints

Hint

Can you find the app's source code? Maybe the documentation gives you default credentials that you can try.

Solution

Start the VM and then navigate to the provided IP address. We see a login screen for a note taking app called Pensive Notes. This challenge is specifically targetting misconfiguration security risks, so we don't strictly need to scan the IP address with nmap. I did fuzz using ffuf though it was ultimately just a rabbit trail.

Pensive Notes landing page

We get four potential targets to explore using big.txt from SecList

I poked around each of these, and used DevTools to explore the "Source" code as the hint suggested. This is where this room is a bit different from other rooms or tasks I have completed with TryHackMe, where the resource isn't located within the material provided in the task. After digging through all of the various pages using DevTools and running into a brick wall every time, I started digging through some other write-ups until I saw a reference to GitHub. Searching for "Pensive Notes" with a search engine will point to a GitHub page.

Another reminder to not make assumptions, even with training.

This then is the source code that the hint wanted us to find. Scrolling through the README.md, we can easily find the default log in information.

Always conduct thorough recon

With the username and password combo, it's a simple matter of logging in to find the flag.

Have a flag!

Default Credentials are a security risk!

Default credentials are a (surprisingly common) security flaw, especially with IoT (Internet of Things) Devices.

Wrap Up

Once I figured out the specifics of this task, it was pretty straightforward. Next in the Top 10 is Cross-site Scripting