Part 7 Lab Solutions

Video Activity

This lesson offers a solution to the lab of Web Goat: Insecure Configuration forced browsing. The goal was to guess to URL for the user interface and this shows participants how to make the config page appear via transversal and using a variety of commands to discover how to find the administrative interface without force.

Join over 3 million cybersecurity professionals advancing their career

Sign up with

Required fields are marked with an *

or

Sign up with Google

Sign up with Apple

Sign up with Microsoft

View all SSO options

Already have an account? Sign In »

Course

Time

9 hours 31 minutes

Difficulty

Intermediate

CEU/CPE

10

Video Description

This lesson offers a solution to the lab of Web Goat: Insecure Configuration forced browsing. The goal was to guess to URL for the user interface and this shows participants how to make the config page appear via transversal and using a variety of commands to discover how to find the administrative interface without force.

Video Transcription

00:04

Hello and welcome to the cyber. Very secure coding course. My name is Sonny Wear, and this is a lost top 10 for 2013.

00:13

A five security Miss Configuration.

00:16

This is the lab from Web goat insecure configuration.

00:23

This is the video solution for Web goat insecure configuration forced browsing

00:29

the instructions state your goal should be to guess the euro for the config interface. Now the config u r l is on lee available to the maintenance personnel. However,

00:40

the application doesn't check for any horizontal privileges.

00:46

So

00:47

basically, what we can do is try to force

00:50

the config page to appear.

00:53

Uh, bye.

00:55

By attacking this, you are Ellen doing a directory, Divers A ll.

01:00

So we know that anything after the attacks script here is going to be a screen related function.

01:08

So I'm just gonna go ahead and remove that part,

01:11

and I'm gonna try to guess what the config interface might be. I'm going to start with

01:19

the name of the directory config and see if that works.

01:23

Okay, That didn't work.

01:25

How about if we just try

01:27

cough

01:32

and that certainly works. So we have our success message. We were able to successfully find

01:40

the administrative

01:42

interface without any kind of authorization check being done.

01:48

We just didn't forced. You are well

Up Next

Part 2 Explanations

Part 3 Comments Demo

Part 4 HiddenPages Demo

Part 5 HTMLS Web Storage Demo

Instructed By

Similar Content

Python Coding - Basic

Python Coding - Basic

The Python Coding - Basic test is a premium Cybrary assessment test created by iMocha. ...

Kali Linux Fundamentals

Kali Linux Fundamentals

If you’re interested in penetration testing and ethical hacking, then this Kali Linux course is ...

1 CEU/CPE Hours Available

Certificate of Completion Offered

AWS CloudFormation

AWS CloudFormation

The AWS CloudFormation Test is a premium Cybrary assessment created by iMocha. The exam accesses ...