diff --git a/README.md b/README.md index 2d1464a..132f572 100644 --- a/README.md +++ b/README.md @@ -7,18 +7,18 @@ | Difficulty (Points) | Name | Skills | Completion | | ------------------- | ------------------------------------------------- | ------------ | ---------- | | Trivial (1 / flag) | [A little something to get you started][2] | Web | 1 / 1 | -| Easy (2 / flag) | Micro-CMS v1 | Web | 0 / 4 | -| Moderate (3 / flag) | Micro-CMS v2 | Web | 0 / 3 | -| Hard (9 / flag) | Encrypted Pastebin | Web, Crypto | 0 / 4 | +| Easy (2 / flag) | [Micro-CMS v1][4] | Web | 4 / 4 | +| Moderate (3 / flag) | [Micro-CMS v2][5] | Web | 2 / 3 | +| Hard (9 / flag) | [Encrypted Pastebin][6] | Web, Crypto | 1 / 4 | | Moderate (6 / flag) | Photo Gallery | Web | 0 / 3 | -| Moderate (5 / flag) | Cody's First Blog | Web | 0 / 3 | +| Moderate (5 / flag) | [Cody's First Blog][7] | Web | 3 / 3 | | Easy (4 / flag) | [Postbook][3] | Web | 7 / 7 | | Moderate (0 / flag) | Ticketastic: Demo Instance | Web | 0 / 0 | | Moderate (5 / flag) | Ticketastic: Live Instance | Web | 0 / 2 | | Easy (3 / flag) | Petshop Pro | Web | 0 / 3 | | Hard (7 / flag) | Model E1337 - Rolling Code Lock | Web, Math | 0 / 2 | | Moderate (5 / flag) | TempImage | Web | 0 / 2 | -| Easy (2 / flag) | H1 Thermostat | Android | 0 / 2 | +| Easy (2 / flag) | [H1 Thermostat][8] | Android | 2 / 2 | | Expert (13 / flag) | Model E1337 v2 - Hardened Rolling Code Lock | Math | 0 / 1 | | Moderate (3 / flag) | Intentional Exercise | Android | 0 / 1 | | Moderate (4 / flag) | Hello World! | Native | 0 / 1 | @@ -30,3 +30,8 @@ [1]: https://ctf.hacker101.com/ctf [2]: ./a_little_something_to_get_you_started [3]: ./postbook +[4]: ./micro-cms_v1 +[5]: ./micro-cms_v2 +[6]: ./encrypted_pastebin +[7]: ./cody-first-blog +[8]: ./h1-thermostat diff --git a/cody-first-blog/README.md b/cody-first-blog/README.md new file mode 100644 index 0000000..6899b6a --- /dev/null +++ b/cody-first-blog/README.md @@ -0,0 +1,22 @@ +# Cody's First Blog + +## [Flag0](./flag0) -- Found + +- What was the first input you saw? +- Figuring out what platform this is running on may give you some ideas. +- Code injection usually doesn’t work. + + +## [Flag1](./flag1) -- Found + +- Make sure you check everything you’re provided. +- Unused code can often lead to information you wouldn’t otherwise get. +- Simple guessing might help you out. + + +## [Flag2](./flag2) -- Found + +- Read the first blog post carefully. +- We talk about this in the Hacker101 File Inclusion Bugs video +- Where can you access your own stored data? +- Include doesn’t just work for filenames. diff --git a/cody-first-blog/flag0/README.md b/cody-first-blog/flag0/README.md new file mode 100644 index 0000000..183fc6a --- /dev/null +++ b/cody-first-blog/flag0/README.md @@ -0,0 +1,15 @@ +# Cody's First Blog - FLAG0 + +The contents written on the page indicates that it can’t communicate to outside world which means it has a localhost and PHP doesn’t need a template indicate it is written in PHP. + +## Step 1 : Check Source Code + +Check the source code of the page in order to know the backend of the page in which it was built and luckily we saw the way to reach to the admin page. I just copy paste the `?page=admin.auth.inc` in the url and redirected to the admin page. + +![](./images/source_code.png) + +## Step 2 : Exploit + +Cool! Now the most common and exploitable security issue face by PHP is remote code execution. For this I just put a simple PHP script into the comment box `` . This redirected to a new page with the flag. + +![](./images/flag.jpg) diff --git a/cody-first-blog/flag0/images/flag.jpg b/cody-first-blog/flag0/images/flag.jpg new file mode 100644 index 0000000..a0c0e2a Binary files /dev/null and b/cody-first-blog/flag0/images/flag.jpg differ diff --git a/cody-first-blog/flag0/images/source_code.png b/cody-first-blog/flag0/images/source_code.png new file mode 100644 index 0000000..a38b149 Binary files /dev/null and b/cody-first-blog/flag0/images/source_code.png differ diff --git a/cody-first-blog/flag1/README.md b/cody-first-blog/flag1/README.md new file mode 100644 index 0000000..0fefcf4 --- /dev/null +++ b/cody-first-blog/flag1/README.md @@ -0,0 +1,16 @@ +# Cody's First Blog - FLAG1 + +## Step 1 : Admin Page + +Back to admin page the next thing that struck me is to crack the password and the username to get access as a root. I tried all the possible combinations but couldn’t get the one. + +Then I just checked page source of admin page and again couldn’t get anything. + +![](./images/admin_login.png) + + +## Step 2 : Flag + +I just looked at the url which was written as `?page=admin.auth.inc` . I did something extremely silly by removing **auth** from the url and rewrite it as `?page=admin.inc` and I was redirected to a new page. + +![](./images/flag.jpg) diff --git a/cody-first-blog/flag1/images/admin_login.png b/cody-first-blog/flag1/images/admin_login.png new file mode 100644 index 0000000..e6a90b9 Binary files /dev/null and b/cody-first-blog/flag1/images/admin_login.png differ diff --git a/cody-first-blog/flag1/images/flag.jpg b/cody-first-blog/flag1/images/flag.jpg new file mode 100644 index 0000000..b06e7e7 Binary files /dev/null and b/cody-first-blog/flag1/images/flag.jpg differ diff --git a/cody-first-blog/flag2/README.md b/cody-first-blog/flag2/README.md new file mode 100644 index 0000000..3bf9510 --- /dev/null +++ b/cody-first-blog/flag2/README.md @@ -0,0 +1,21 @@ +# Cody's First Blog - FLAG2 + +## Step 1 : include() + +After going through the hints and reading the contents written on home page I saw the `include()`. This makes me think that PHP has an include() option and after gathering some information about it on Google which says that PHP does have an issue with it. So I tested this by modifying the URL as “?page=include()” I get an error and it took me to a new page. + +![](./images/include.png) + +## Step 2 : Adding Exploit + +I felt I was on the right track so I just use the PHP blind injection trick to read the index file content and for this I comment a simple command as `` in the comment section on the home page. Nothing happened. + +![](./images/admin.png) + +I realized I have to approve this statement as admin and now I have the access too of the admin portal. I approved it and go back I see I am still missing something. + +## Step 3 : Flag + +If I go back to `?page=http://localhost/index` and displaying all the comments that I have submitted. And if I look at the page source I can see all the PHP comments I have submitted and the flag. + +![](./images/flag.jpg) diff --git a/cody-first-blog/flag2/images/admin.png b/cody-first-blog/flag2/images/admin.png new file mode 100644 index 0000000..00e6b7e Binary files /dev/null and b/cody-first-blog/flag2/images/admin.png differ diff --git a/cody-first-blog/flag2/images/flag.jpg b/cody-first-blog/flag2/images/flag.jpg new file mode 100644 index 0000000..49506bc Binary files /dev/null and b/cody-first-blog/flag2/images/flag.jpg differ diff --git a/cody-first-blog/flag2/images/include.png b/cody-first-blog/flag2/images/include.png new file mode 100644 index 0000000..a978f7b Binary files /dev/null and b/cody-first-blog/flag2/images/include.png differ diff --git a/encrypted_pastebin/README.md b/encrypted_pastebin/README.md new file mode 100644 index 0000000..e72fbae --- /dev/null +++ b/encrypted_pastebin/README.md @@ -0,0 +1,7 @@ +# Encrypted Pastebin + +## [Flag0](./flag0) -- Found + +- What are these encrypted links? +- Encodings like base64 often need to be modified for URLs. Thanks, HTTP +- What is stopping you from modifying the data? Not having the key is no excuse diff --git a/encrypted_pastebin/flag0/README.md b/encrypted_pastebin/flag0/README.md new file mode 100644 index 0000000..ddb5306 --- /dev/null +++ b/encrypted_pastebin/flag0/README.md @@ -0,0 +1,24 @@ +# Encrypted Pastebin - FLAG0 + + +## Step 1 : Create Post + +- Create a random post. + +![](images/edit.png) + + +## Step 2 : Changing URL + +- Submit the Request. +- There is a weird url. + +![](images/url.png) + +## Step 3 : Flag + +- Remove the value given to `post` variable. + +![](images/url_change.png) + +**Background:** We are tampering the parameters in order to get any sensitive data any leakage. This can be solved in many other ways. We ourselves found more than 4 ways to get this flag. One by changing the value and another by decoding the URL parameter which looked like base64 and one through burp and the one which we mentioned above is the easiest one. diff --git a/encrypted_pastebin/flag0/images/edit.png b/encrypted_pastebin/flag0/images/edit.png new file mode 100644 index 0000000..f41442b Binary files /dev/null and b/encrypted_pastebin/flag0/images/edit.png differ diff --git a/encrypted_pastebin/flag0/images/url.png b/encrypted_pastebin/flag0/images/url.png new file mode 100644 index 0000000..519baf2 Binary files /dev/null and b/encrypted_pastebin/flag0/images/url.png differ diff --git a/encrypted_pastebin/flag0/images/url_change.png b/encrypted_pastebin/flag0/images/url_change.png new file mode 100644 index 0000000..4f4e597 Binary files /dev/null and b/encrypted_pastebin/flag0/images/url_change.png differ diff --git a/h1-thermostat/README.md b/h1-thermostat/README.md new file mode 100644 index 0000000..df7915a --- /dev/null +++ b/h1-thermostat/README.md @@ -0,0 +1,13 @@ +# H1 Thermostat + +## [Flag0](./flag) -- Found + +- Communication is key. +- Have you looked at what the app is sending to the server? + + +## [Flag1](./flag) -- Found + +- Doesn't the MAC seem interesting? +- Access to the source code would help +- Check out the Android Quickstart video from Hacker101 diff --git a/h1-thermostat/flag/README.md b/h1-thermostat/flag/README.md new file mode 100644 index 0000000..bd3fc95 --- /dev/null +++ b/h1-thermostat/flag/README.md @@ -0,0 +1,36 @@ +# H1 Thermostat - FLAG0 & FLAG1 + +## Step 1 : Download the APK + +![](./images/starting_up.png) + +Reload the Page + +![](./images/download.png) + +## Step 2 : Decompile the APK + +Visit the Website - [APK Decompiler](http://www.javadecompilers.com/apk) + +![](./images/decompile.png) + +Click on `Choose File` and select the APK you just download. Click on `Upload and Decompile` + +## Step 3 : FLAG + +You can see two options displaying as `resources` and `sources`. Go to on `resources`. Click on `AndroidManifest.xml`. We will see the location and the name of the android apk. + +![](./images/android_link.png) + +Now we have to do look for file in `com -> hacker101 -> level11` as `ThermostatActivity.jav`a to get the flags. + +> Didn’t find anything. + +![](./images/location_flag.png) + +Going through the code we saw the file `ThermostatActivity.java` is connected to `PayloadRequest.java` I just go back and click on the file. + +Opening the file and scrolling it down, got flag 1 and in the same file scrolling it a bit more you can see flag 2. + + +![](./images/flag.png) diff --git a/h1-thermostat/flag/images/android_link.png b/h1-thermostat/flag/images/android_link.png new file mode 100644 index 0000000..7a872c9 Binary files /dev/null and b/h1-thermostat/flag/images/android_link.png differ diff --git a/h1-thermostat/flag/images/decompile.png b/h1-thermostat/flag/images/decompile.png new file mode 100644 index 0000000..6afc8e7 Binary files /dev/null and b/h1-thermostat/flag/images/decompile.png differ diff --git a/h1-thermostat/flag/images/download.png b/h1-thermostat/flag/images/download.png new file mode 100644 index 0000000..babe7e9 Binary files /dev/null and b/h1-thermostat/flag/images/download.png differ diff --git a/h1-thermostat/flag/images/flag.png b/h1-thermostat/flag/images/flag.png new file mode 100644 index 0000000..87440dc Binary files /dev/null and b/h1-thermostat/flag/images/flag.png differ diff --git a/h1-thermostat/flag/images/location_flag.png b/h1-thermostat/flag/images/location_flag.png new file mode 100644 index 0000000..33a496c Binary files /dev/null and b/h1-thermostat/flag/images/location_flag.png differ diff --git a/h1-thermostat/flag/images/starting_up.png b/h1-thermostat/flag/images/starting_up.png new file mode 100644 index 0000000..f6b33d4 Binary files /dev/null and b/h1-thermostat/flag/images/starting_up.png differ diff --git a/micro-cms_v1/README.md b/micro-cms_v1/README.md new file mode 100644 index 0000000..7898b5a --- /dev/null +++ b/micro-cms_v1/README.md @@ -0,0 +1,26 @@ +# Micro-CMS v1 + + +## [Flag0](./flag0) -- Found + +- Try creating a new page +- How are pages indexed? +- Look at the sequence of IDs +- If the front door doesn't open, try the window +- In what ways can you retrieve page contents? + +## [Flag1](./flag1) -- Found + +- Make sure you tamper with every input +- Have you tested for the usual culprits? XSS, SQL injection, path injection +- Bugs often occur when an input should always be one type and turns out to be another +- Remember, form submissions aren't the only inputs that come from browsers + +## [Flag2](./flag2) -- Found + +- Sometimes a given input will affect more than one page +- The bug you are looking for doesn't exist in the most obvious place this input is shown + +## [Flag3](./flag3) -- Found + +- Script tags are great, but what other options do you have? diff --git a/micro-cms_v1/flag0/README.md b/micro-cms_v1/flag0/README.md new file mode 100644 index 0000000..db04840 --- /dev/null +++ b/micro-cms_v1/flag0/README.md @@ -0,0 +1,29 @@ +# Micro-CMS v1 - FLAG0 + +## Step 1 : Try creating a new page. + +![](images/page_create.png) + + +## Step 2 : How are pages indexed? / Look at the sequence of IDs + +![](images/source_code.png) + +The page we created it number 12. So we have to try visiting the other pages manually. + + +## Step 3 : If the front door doesn't open, try the window + +![](images/forbidden.png) + +We get forbidden on page 5 which means that only authorized personnel can visit the page. We can bypass it by changing the endpoints. + + +## Step 4 : In what ways can you retrieve page contents? / FLAG + +Let's try edit page. + +![](images/flag.png) + + +**Background:** Here the developer has Restricted the users from accessing the sensitive information which are stored in the page number 5 but did not blocked the Edit option which makes it accessible to everyone. This lab tells us to search and hack every directory. diff --git a/micro-cms_v1/flag0/images/flag.png b/micro-cms_v1/flag0/images/flag.png new file mode 100644 index 0000000..084de31 Binary files /dev/null and b/micro-cms_v1/flag0/images/flag.png differ diff --git a/micro-cms_v1/flag0/images/forbidden.png b/micro-cms_v1/flag0/images/forbidden.png new file mode 100644 index 0000000..12e22b0 Binary files /dev/null and b/micro-cms_v1/flag0/images/forbidden.png differ diff --git a/micro-cms_v1/flag0/images/page_create.png b/micro-cms_v1/flag0/images/page_create.png new file mode 100644 index 0000000..cfb0324 Binary files /dev/null and b/micro-cms_v1/flag0/images/page_create.png differ diff --git a/micro-cms_v1/flag0/images/source_code.png b/micro-cms_v1/flag0/images/source_code.png new file mode 100644 index 0000000..5997f08 Binary files /dev/null and b/micro-cms_v1/flag0/images/source_code.png differ diff --git a/micro-cms_v1/flag1/README.md b/micro-cms_v1/flag1/README.md new file mode 100644 index 0000000..b72e838 --- /dev/null +++ b/micro-cms_v1/flag1/README.md @@ -0,0 +1,14 @@ +# Micro-CMS v1 - FLAG1 + +## Step 1 : Make sure you tamper with every input + +![](images/edit.png) + +Put a `'` mark in the url and reload the page. + +## Step 2 : Flag + +![](images/flag.png) + + +**Background:** Here the edit parameter was vulnerable to the SQL injection whenever we give `'` or `=` characters to the server and it throws an SQL error. There is very high chance that it is vulnerable to the SQL injection or even XSS. This lab insists us to check for SQL diff --git a/micro-cms_v1/flag1/images/edit.png b/micro-cms_v1/flag1/images/edit.png new file mode 100644 index 0000000..ed6479c Binary files /dev/null and b/micro-cms_v1/flag1/images/edit.png differ diff --git a/micro-cms_v1/flag1/images/flag.png b/micro-cms_v1/flag1/images/flag.png new file mode 100644 index 0000000..8ec2b60 Binary files /dev/null and b/micro-cms_v1/flag1/images/flag.png differ diff --git a/micro-cms_v1/flag2/README.md b/micro-cms_v1/flag2/README.md new file mode 100644 index 0000000..05ad86c --- /dev/null +++ b/micro-cms_v1/flag2/README.md @@ -0,0 +1,21 @@ +# Micro-CMS v1 - FLAG2 + + +## Step 1 : Sometimes a given input will affect more than one page + +Open the previous page, and edit the Title and Body with a XSS Payload -> `` + +![](images/edit.png) + + +## Step 2 : The bug you are looking for doesn't exist in the most obvious place this input is shown + +Go the home page. + +## Step 3 : Flag + +![](images/flag.png) + +As soon as we navigate to our homepage the XSS payload gets executed. + +**Background:** The website is vulnerable to stored XSS anything which is written in the comment boxes gets executed when we navigate to those page. You can see that in the place of page name our payload has been executed. This lab insists us to check for XSS wherever the user input is taken. diff --git a/micro-cms_v1/flag2/images/edit.png b/micro-cms_v1/flag2/images/edit.png new file mode 100644 index 0000000..4eece59 Binary files /dev/null and b/micro-cms_v1/flag2/images/edit.png differ diff --git a/micro-cms_v1/flag2/images/flag.png b/micro-cms_v1/flag2/images/flag.png new file mode 100644 index 0000000..bf176a2 Binary files /dev/null and b/micro-cms_v1/flag2/images/flag.png differ diff --git a/micro-cms_v1/flag3/README.md b/micro-cms_v1/flag3/README.md new file mode 100644 index 0000000..0c76202 --- /dev/null +++ b/micro-cms_v1/flag3/README.md @@ -0,0 +1,14 @@ +# Micro-CMS v1 - FLAG3 + +## Step 1 : Script tags are great, but what other options do you have? + +Edit the button function with your JavaScript payload -> `onclick="alert(document.cookie)"` + +![](images/payload.png) + +Save it and open the source of the website. + + +![](images/flag.png) + +**Background:** As the edit function is vulnerable to XSS. We could change the buttons functionality and could trick the users to give their sensitive information like credentials and cookies. XSS are quite Creative in nature. diff --git a/micro-cms_v1/flag3/images/flag.png b/micro-cms_v1/flag3/images/flag.png new file mode 100644 index 0000000..5ac3fc3 Binary files /dev/null and b/micro-cms_v1/flag3/images/flag.png differ diff --git a/micro-cms_v1/flag3/images/payload.png b/micro-cms_v1/flag3/images/payload.png new file mode 100644 index 0000000..e335a88 Binary files /dev/null and b/micro-cms_v1/flag3/images/payload.png differ diff --git a/micro-cms_v2/README.md b/micro-cms_v2/README.md new file mode 100644 index 0000000..f26ec9e --- /dev/null +++ b/micro-cms_v2/README.md @@ -0,0 +1,14 @@ +# Micro-CMS v2 + + +## [Flag0](./flag0) -- Found + +- Regular users can only see public pages +- Getting admin access might require a more perfect union +- Knowing the password is cool, but there are other approaches that might be easier + +## [Flag1](./flag1) -- Found + +- What actions could you perform as a regular user on the last level, which you can't now? +- Just because request fails with one method doesn't mean it will fail with a different method +- Different requests often have different required authorization diff --git a/micro-cms_v2/flag0/README.md b/micro-cms_v2/flag0/README.md new file mode 100644 index 0000000..b08b468 --- /dev/null +++ b/micro-cms_v2/flag0/README.md @@ -0,0 +1,71 @@ +# Micro-CMS v2 - FLAG0 + +## Step 1 : Login + +- Go to Create New page. +- In-order to create a page you must login. + +![](images/login.png) + +## Step 2 : Get Request + +- Put any random credentials and capture the request. +- You can use BurpSuite to capture the request. + +**Captured Request** + +``` +POST /e883720fe9/login HTTP/1.1 +Host: 35.190.155.168 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded +Content-Length: 84 +Origin: http://35.190.155.168 +Connection: close +Referer: http://35.190.155.168/e883720fe9/login +Upgrade-Insecure-Requests: 1 + +username=admin &password=password +``` + +## Step 3 : Create SQL Payload + +- Payload: `'UNION SELECT 'hack' as password#` + +``` +POST /e883720fe9/login HTTP/1.1 +Host: 35.190.155.168 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded +Content-Length: 84 +Origin: http://35.190.155.168 +Connection: close +Referer: http://35.190.155.168/e883720fe9/login +Upgrade-Insecure-Requests: 1 + +username= admin 'UNION SELECT 'hack' as password#&password=hack +``` +- Open the website, in new tab. + +![](images/logged_in.png) + +## Step 4 : Admin Access + +![](images/admin_acc.png) + +- Go to Private Page + +## Step 5 : Flag + +![](images/FLAG.png) + + +**Background:** The login page is vulnerable to SQL injection when we give the username as admin' UNION SELECT "hack" as password# and password=hack. We are making the web application think that the given credentials of the admin user are same and are matched with the previous credentials in order to understand this you have to have good knowledge in SQLI. + +You can learn them from the blog - https://blog.hackhunt.in/2021/08/concept-of-sql-injection.html diff --git a/micro-cms_v2/flag0/images/FLAG.png b/micro-cms_v2/flag0/images/FLAG.png new file mode 100644 index 0000000..4c07420 Binary files /dev/null and b/micro-cms_v2/flag0/images/FLAG.png differ diff --git a/micro-cms_v2/flag0/images/admin_acc.png b/micro-cms_v2/flag0/images/admin_acc.png new file mode 100644 index 0000000..562bc34 Binary files /dev/null and b/micro-cms_v2/flag0/images/admin_acc.png differ diff --git a/micro-cms_v2/flag0/images/logged_in.png b/micro-cms_v2/flag0/images/logged_in.png new file mode 100644 index 0000000..440cbc1 Binary files /dev/null and b/micro-cms_v2/flag0/images/logged_in.png differ diff --git a/micro-cms_v2/flag0/images/login.png b/micro-cms_v2/flag0/images/login.png new file mode 100644 index 0000000..454f87f Binary files /dev/null and b/micro-cms_v2/flag0/images/login.png differ diff --git a/micro-cms_v2/flag1/README.md b/micro-cms_v2/flag1/README.md new file mode 100644 index 0000000..2688ceb --- /dev/null +++ b/micro-cms_v2/flag1/README.md @@ -0,0 +1,16 @@ +# Micro-CMS v2 - FLAG1 + +## Step 1 : Send Post Request + +- Fire up the terminal and send the post request to the target using curl. + +Command -> `curl -v -X POST http://x.x.x.x/x/page/edit/2` + +## Step 2 : Flag + +This will give all the headers and show you the response of the server. + +![](images/flag.png) + + +**Background:** Many times the developers leave private API keys and other sensitive information like database version and others. This lab tells us the importance of viewing the response of a request. This can also be done in a proxy like burp or OWASP Zap. diff --git a/micro-cms_v2/flag1/images/flag.png b/micro-cms_v2/flag1/images/flag.png new file mode 100644 index 0000000..8446268 Binary files /dev/null and b/micro-cms_v2/flag1/images/flag.png differ diff --git a/postbook/flag0/README.md b/postbook/flag0/README.md index 369ff1d..c76cf1f 100644 --- a/postbook/flag0/README.md +++ b/postbook/flag0/README.md @@ -6,7 +6,7 @@ Click on sign in ## Step 2 : Log In -Try weak password like same as username **user** or **password** +Try weak password like same as username **user** or **password** ``` username: user @@ -18,3 +18,6 @@ password: password ## Step 3 : FLAG ![](./images/flag.png) + + +**Background:** Using of default credentials or well used easily guessed credentials. In many instances developers use the default credentials to access their site and keep them unchanged during the time of deployment which can easily give access to the admin panel.