Path Traversal Lab Walkthrough using Burp Suite CE - PortSwigger Web Security Academy Series

  • Published: 21 Aug 2024
  • I thought it would be fun to do beginner-friendly walkthroughs of all the labs in the Apprentice track in the PortSwigger Web Security Academy.
    In this walkthrough we will use Burp Suite Community Edition to solve the Path Traversal lab.
    Enjoy!
    #portswigger #burpsuite #owasptop10 #owasp #websecurity #webapplicationsecurity #bugbounty #hacking #hacker #cybersecurity #informationsecurity #infosec #kali #kalilinux #parrotos #pentester #pentesting #redteam

Comments • 21

  • @Nicrophelia 9 months ago +1

    Yeah Daniel!! Always great to see someone using Parrot! I'm pumped to check this video out after work, thank you for the timely and fun content!

    • @daniellowrie 9 months ago

      Thanks for watching! Much love for ParrotOS 🦜

  • @chiperspark 9 months ago +2

    Hello Sir, I am a big fan of yours and I have watched you on LinkedIn and ITProTV. Your way of teaching is amazing. I am requesting that you continue this series.

    • @daniellowrie 9 months ago +1

      Thanks for your comments! I'm so glad to hear that you enjoy my content! I'm also happy to inform you that I will be making a walkthrough video for every lab in the Portswigger Web Academy lab in the Apprentice track, so hit that notification bell so that you get an alert when the next video is available. 👍

  • @terraflops 9 months ago

    I finished the Try Hack Me Burp Suite module, so my timing is spot on for the series. Great video!

    • @daniellowrie 9 months ago

      I believe we call that 'serendipity' 😁
      Thanks for watching!

  • @SalmanKhan.78692 9 months ago +2

    Awesome video, thank you sir for providing quality content. Love from India 🇮🇳

    • @daniellowrie 9 months ago +1

      Thanks again for your support, Salman! My Indian viewers are always so very gracious 😊

  • @cydni326 2 months ago +1

    Subscribed.

  • @Naath000 9 months ago +1

    ❤❤

    • @daniellowrie 9 months ago

      Thanks, @psychocybernetics911! Glad you enjoyed the video!

  • @JosephKozak 9 months ago +1

    Daniel, this was AWESOME!!!!!

    • @daniellowrie 9 months ago

      Thanks, Joe! I'm glad you enjoyed it 😀👍

  • @SalmanKhan.78692 9 months ago +1

    Thank you sir ❤ Love from India 🇮🇳

    • @daniellowrie 9 months ago

      You're very welcome, Salman! I'm glad you enjoyed the video. Thanks for watching!

  • @Mr.Reporter 3 months ago +1

    Okay, love the explanation, but what can I do with that information? Like, in real time, if I am doing a pentest, how would I move forward with investigating what I can find further?

    • @daniellowrie 3 months ago

      I LOVE this question!!! The quick answer is this... if I can find and abuse a path traversal vulnerability, then I probably also have found a Local File Inclusion (LFI) vulnerability, which is what we did in this video, and we can then abuse those vulnerabilities to read system files. Let me elaborate on the consequences of that.
      In the lab, we were able to switch the file requested by the web app from a .jpg file to the /etc/passwd file. We then used the path-traversal and LFI vulnerabilities to READ SYSTEM FILES (not yelling, just emphasizing).
      If I can read files on the host operating system, then, as an attacker, I'm really interested in all the files I could possibly read. Like, can I read the code in the files of the web app itself? Maybe there are some juicy creds or API keys that are hard-coded in one of those files. I've literally discovered creds to backend databases in config files and .php files. I've also found SSH keys using this technique. You'd be surprised what admins leave lying around when they assume that no one other than admins can access their server's filesystem.
      Also, you could possibly chain attacks together to get a shell, like with an LFI2RCE attack. (Read more about that here... book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-phpinfo )
      Whew! Well I hope that helps clear things up a bit for you.
      Cheers!
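
The server-side flaw behind the behaviour described in the reply above, shown next to a hardened form. This is an added example, not code from the video, the lab or the commenter; the function names, the temporary directory layout and the file `app.conf` are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


def resolve_vulnerable(root: Path, filename: str) -> Path:
    """Naive join: '../' segments and absolute paths escape root."""
    return Path(os.path.normpath(os.path.join(root, filename)))


def resolve_hardened(root: Path, filename: str) -> Path:
    """Canonicalize first, then require the result to stay under root."""
    base = root.resolve()
    candidate = (base / filename).resolve()  # collapses '..', follows symlinks
    if not candidate.is_relative_to(base):   # Python 3.9+
        raise PermissionError(f"outside image root: {filename!r}")
    return candidate


def demo() -> dict:
    """Build a throwaway tree and compare both resolvers on constructed inputs."""
    with tempfile.TemporaryDirectory() as tmp:
        top = Path(tmp).resolve()
        root = top / "images"
        root.mkdir()
        (root / "product.jpg").write_bytes(b"\xff\xd8 constructed image")
        secret = top / "app.conf"  # stands in for a config file outside the root
        secret.write_text("db_password=constructed-sample\n")

        results = {}
        for label, name in (("product.jpg", "product.jpg"),
                            ("../app.conf", "../app.conf"),
                            ("<absolute path>", str(secret))):
            leaked = resolve_vulnerable(root, name) == secret
            try:
                resolve_hardened(root, name)
                allowed = True
            except PermissionError:
                allowed = False
            results[label] = (leaked, allowed)
        return results


if __name__ == "__main__":
    for label, (leaked, allowed) in demo().items():
        print(f"{label:16} naive reaches secret: {leaked!s:5} hardened allows: {allowed}")
```

The absolute-path case matters because both `os.path.join` and `Path /` discard the root when the second argument is absolute, so filtering `../` alone is not enough.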

  • @henchnerd9404 1 month ago +1

    so is nologin the passwords?

    • @daniellowrie 1 month ago +1

      Great question! The short answer is 'no'. The man page for nologin explains it like this...
      "nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field to deny login access to an account."
      "If the file /etc/nologin.txt exists, nologin displays its contents to the user instead of the default message."
      I hope that helps clear things up for you.
      Cheers!

    • @henchnerd9404 1 month ago

      @daniellowrie aah that makes sense thanks
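
To make the nologin answer in the thread above concrete, this added example (not from the video or the commenters) parses lines in `/etc/passwd` format and reports which accounts have a shell field that permits interactive login. The sample lines and account names are constructed; the `x` in the second field is a placeholder meaning the password hash is stored in `/etc/shadow`, not in this file.

```python
# Shells that refuse interactive login (common locations; extend per distro).
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample in /etc/passwd format, not taken from the lab.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
appuser:x:1001:1001::/home/appuser:
broken-line-without-enough-fields
"""

FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")


def parse_passwd(text: str) -> list[dict]:
    """Split each line into the seven colon-separated passwd(5) fields."""
    entries = []
    for line in text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) != 7:
            continue  # skip comments and malformed lines
        entry = dict(zip(FIELDS, parts))
        # An empty shell field defaults to /bin/sh.
        entry["shell"] = entry["shell"] or "/bin/sh"
        entries.append(entry)
    return entries


def interactive_accounts(text: str) -> list[str]:
    """Names of accounts whose shell field permits an interactive login."""
    return [e["name"] for e in parse_passwd(text)
            if e["shell"] not in NON_LOGIN_SHELLS]


if __name__ == "__main__":
    for e in parse_passwd(SAMPLE_PASSWD):
        kind = "no login" if e["shell"] in NON_LOGIN_SHELLS else "interactive"
        print(f'{e["name"]:10} password={e["password"]!r} shell={e["shell"]} ({kind})')
```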