Learn to identify and prevent Security Misconfigurations through practical scenarios on TryHackMe.
Previously, we guessed user credentials and brute-forced the pages of client profiles.
Now we want to look at the default credentials vulnerability for an application deployed on the web page. This is not a user account that a visitor sets up on the site; it is an account that the server or website owner sets up once when installing an application on the web page, and it ships with credentials documented by the application's authors.
Security misconfiguration includes:
- Poorly configured permissions on cloud services.
- Default accounts with unchanged passwords.
- Error messages that are overly detailed and allow an attacker to find out more about the system.
- Having unnecessary features enabled, like services, pages, accounts, or privileges.
If this is your first time working on TryHackMe and you don't know how to set it up, check out the bonus resource section at the end.
Navigate to: https://tryhackme.com/room/owasptop10 → Task 19
It says that it's an app, so let's find it on Google.
A GitHub repo (Hmmm…)
In the README we can find the default credentials used to log in.
Let's try to log in with those credentials.
We have successfully logged in.
This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.
© 2024 Ashutosh Singh Patel