Show page

Differences

This shows you the differences between two versions of the page.

--- isc:labs:07 [2025/11/14 09:15]
florin.stancu [Tasks]
+++ isc:labs:07 [2025/11/17 10:35] (current)
florin.stancu
@@ Line 126: / Line 126: @@
 </code>
   * Connect to the application using [[http://localhost:8080/]] (assuming you forwarded the port correctly)
+  * Note:if you're running this inside WSL2, replace localhost with the IP address of the VM: ''ip addr show''!
   * Login with ''test:test''; you fail to get any flag... try to become ''admin''!
   * The most common approach when testing for SQL Injection is to input an apostrophe (''%%'%%'') in any of the provided fields ([[https://security.stackexchange.com/questions/67972/why-do-testers-often-use-the-single-quote-to-test-for-sql-injection]])
@@ Line 226: / Line 227: @@
   * Once you found it, try to find the hidden source code flag!
   * Hint: try to guess the path to a [[https://docs.npmjs.com/files/package.json|well-known file]] that all NodeJS projects have! It may reference the main script's name!
-  * You can try using a dirbuster-like tool: [[https://github.com/OJ/gobuster|gobuster]]
+  * You can try using a dirbuster-like tool: [[https://github.com/OJ/gobuster|gobuster]] (+ a web sites [[https://github.com/danielmiessler/SecLists|word list]])
 <solution -hidden>

isc/labs/07.1763104531.txt.gz · Last modified: 2025/11/14 09:15 by florin.stancu

Lectures