Part 7 Lab Solutions

Video Activity

This lesson offers a solution to the lab of Web Goat: Insecure Configuration forced browsing. The goal was to guess to URL for the user interface and this shows participants how to make the config page appear via transversal and using a variety of commands to discover how to find the administrative interface without force.

Join over 3 million cybersecurity professionals advancing their career

Sign up with

Required fields are marked with an *

or

Sign up with Google

Sign up with Apple

Sign up with Microsoft

View all SSO options

Already have an account? Sign In »

Course

Time

9 hours 31 minutes

Difficulty

Intermediate

CEU/CPE

10

Video Description

This lesson offers a solution to the lab of Web Goat: Insecure Configuration forced browsing. The goal was to guess to URL for the user interface and this shows participants how to make the config page appear via transversal and using a variety of commands to discover how to find the administrative interface without force.

Video Transcription

00:04

Hello and welcome to the cyber. Very secure coding course. My name is Sonny Wear, and this is a lost top 10 for 2013.

00:13

A five security Miss Configuration.

00:16

This is the lab from Web goat insecure configuration.

00:23

This is the video solution for Web goat insecure configuration forced browsing

00:29

the instructions state your goal should be to guess the euro for the config interface. Now the config u r l is on lee available to the maintenance personnel. However,

00:40

the application doesn't check for any horizontal privileges.

00:46

So

00:47

basically, what we can do is try to force

00:50

the config page to appear.

00:53

Uh, bye.

00:55

By attacking this, you are Ellen doing a directory, Divers A ll.

01:00

So we know that anything after the attacks script here is going to be a screen related function.

01:08

So I'm just gonna go ahead and remove that part,

01:11

and I'm gonna try to guess what the config interface might be. I'm going to start with

01:19

the name of the directory config and see if that works.

01:23

Okay, That didn't work.

01:25

How about if we just try

01:27

cough

01:32

and that certainly works. So we have our success message. We were able to successfully find

01:40

the administrative

01:42

interface without any kind of authorization check being done.

01:48

We just didn't forced. You are well

Up Next

Part 2 Explanations

Part 3 Comments Demo

Part 4 HiddenPages Demo

Part 5 HTMLS Web Storage Demo

Instructed By

Similar Content

Python Coding - Basic

Python Coding - Basic

The Python Coding - Basic test is a premium Cybrary assessment test created by iMocha. ...

Kali Linux Fundamentals

Kali Linux Fundamentals

If you’re interested in penetration testing and ethical hacking, then this Kali Linux course is ...

1CEUs

AWS CloudFormation

AWS CloudFormation

The AWS CloudFormation Test is a premium Cybrary assessment created by iMocha. The exam accesses ...