This repository is to track and accept the write-up submissions for the WebSploit Labs workshop hosted by the Red Team Village during YASCON.
This repository is to track and accept the write-up submissions for the WebSploit Labs workshop hosted by the Red Team Village during YASCON.
To submit a write up simply create an issue to this repository. The first person that submits an issue with the full write up (all vulnerabilties) in the WebSploit container created for YASCON will receive a prize.
Please feel free to ask any questions to the voluteers at the YASCON Discord Server.
Please use markdown and document your submission in detail. Feel free to include screenshots and other evidence of ALL vulnerabilities found in the WebSploit Docker container for YASCON.
Hi im Arnold Prakash,im a noobie in this field the workshop was a great help for me ,please forgive my mistakes.This is my firstever write up in my life. and im using github also for the first time even though i had an account.
First lets update the docker. use this command
wget https://websploit.org/update.sh
and
bash update.sh
sorry for the long screenshot i didn't get time to edit it.
now lets have fun
'docker ps' to see the status
when everything is going right go to your browser and type
http://127.0.0.1:9002
the web app is ready to get abused.
while surfing through the page i saw an hash below the google maps.
this is a base 64 hash so lets decode it with an online decoder
may be this is a clue.. we should check all the directories now.
lets see....
wait what am i seeing here
is this the flag ..?
not sure im just a curious beginer. hahaha.
let's analysze this hash using any online hash analyzer.
its a SHA2-256 type of hash.
lets try to decode it.
i cross cheched with built-in tool of kali
sudo hash-decoder
just paste the hash there
seeing this you might feel like how can some one be so nooobbbieee hahaha i am :)
im just adding screenshot of the agrassive scan done to the ip also,i have no reason for it, i just felt like doing it.
flag: f15f48da327e692e8f36e583426b95edc9838bbf1382508f0044a18df59e5ddd
since there i couldnt find no other place do any xss or sql injection type acctacks im wraping up here.
thank you for reading. Happy hacking. Peace out.
contact : [email protected]
while i scaned with a tool called nikto i could find more about the server and version and its vulnerabilities.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
