Hacker101 CTF Level0


Mark Blume


I recently wanted to get back into learning web penetration testing tactics and techniques, and found the CTF available from Hacker101 to be a valuable resource.

To practice both my technical skills and my reporting abilities, I will be walking through the different CTF levels and presenting my findings here on Medium.


The first level of Hacker101 is a trivial CTF challenge if you have any experience interacting with web applications outside standard browsing practices. I will use this opportunity to show the importance of using a web proxy when conducting any type of web penetration testing. This becomes apparent when reviewing the steps necessary to find even the most trivial flag.

First, we will look at the steps it takes to find this flag without a standard web proxy.

The researcher must visit the page of the CTF:

Level0 URI

Image of Level0 Webpage

Inspect the source of the page, either by using the developer tools or by right-clicking and choosing view source. In this instance, I used the developer tools to view the source of the page:

Source code of the page

Here you can see an HTML style tag indicating that the body of the page should have a background image of background.png. The tag uses a URL to reference the PNG file, and because the URL reference is just a file name (a relative URL, which the browser resolves against the URL of the page itself), we can conclude that the file is stored locally on the web server. We can append background.png to the page's URL in our browser:

Full URI to flag

We receive our flag:

Flag

Now let's go about this with a proxy. In this case I will be using my favorite proxy, the Zed Attack Proxy, or OWASP-ZAP.

Now that we are directing traffic through our proxy, we visit the webpage and immediately review this traffic in our proxy:

Proxy output

We can see that the proxy has recorded both the GET request to our main page and the GET request for background.png that the browser issues on the initial page load. This is because the browser is trying to retrieve the background image indicated by the style tag, which is a GET request we may not have been aware of when just visiting the site without the proxy.

We review the contents of this additional GET request and find our flag:

OWASP-ZAP Flag
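
The extra GET request the proxy recorded can also be predicted from the page source alone. The following is an added example, not code from the original article: it parses a page, collects the references a browser fetches automatically (including `url(...)` inside style tags), and resolves them against the page URL the way the browser does. The `ctf.example` URL, the sample HTML and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)  # url(...) in CSS
# Simplified set of attributes a browser fetches automatically (assumption)
FETCH_ATTRS = {("img", "src"), ("script", "src"), ("link", "href")}

# Constructed sample modeled on the page described above, not the real CTF page
SAMPLE_URL = "https://ctf.example/level0/"
SAMPLE_HTML = ('<html><head><style>body { background-image: url("background.png"); }'
               '</style></head><body>Welcome to level 0.</body></html>')


class SubresourceParser(HTMLParser):
    """Collect the URLs a browser would request while rendering a page."""

    def __init__(self, page_url):
        super().__init__()
        self.base, self.in_style, self.found = page_url, False, []

    def _add(self, refs):
        for ref in refs:
            url = urljoin(self.base, ref)  # same resolution the browser applies
            if url not in self.found:
                self.found.append(url)

    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"
        for name, value in attrs:
            if (tag, name) == ("base", "href") and value:
                self.base = urljoin(self.base, value)  # <base> changes resolution
            elif (tag, name) in FETCH_ATTRS and value:
                self._add([value])
            elif name == "style":  # inline style="..." attribute
                self._add(CSS_URL.findall(value or ""))

    def handle_endtag(self, tag):
        self.in_style = False

    def handle_data(self, data):
        if self.in_style:  # text inside a <style> block
            self._add(CSS_URL.findall(data))


def subresources(page_url, html):
    parser = SubresourceParser(page_url)
    parser.feed(html)
    parser.close()
    return parser.found
```

Calling `subresources(SAMPLE_URL, SAMPLE_HTML)` lists the background image as a full URL, which is the same request that appears in the proxy history.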

While this first experience in Hacker101 CTF might be a trivial one, it does show the importance of utilizing tools like a web proxy when conducting web penetration testing. Stay tuned for future articles walking through Hacker101 CTF.
