TryHackMe — Offensive Security

Adithya Thatipalli
Published in InfoSec Write-ups
Jul 19, 2022 · 3 min read


Hello All,

Today I am writing about one more challenge on TryHackMe (Offensive Security).

Offensive security is one of the key pillars of an organization's security. It means reviewing the existing controls by testing them, actively trying to break them to see how much the defences can tolerate.

An offensive security team contains the vulnerability assessment and penetration testing teams, who constantly explore new tools and techniques for testing the target systems.

Team members are given the same level of access an outside user would have and then start their testing process, from reconnaissance through to privilege escalation. Once testing is complete, they summarize the findings in a report mapped to the OWASP Top 10, listing the most critical vulnerabilities and the remediation steps that should be implemented.

This task is a starting point on the career path to becoming an offensive security team member or penetration tester once you complete the path on TryHackMe.

In this task, we are given a banking web application with a user already logged in.

We need to use the directory brute-forcing tool GoBuster to identify hidden directories in the application.

Once I started the machine, I could see the web browser logged in to a bank's net banking website. Let's see if we can find any hidden directories.

We used the gobuster tool with the following options:
dir - directory enumeration mode
-u - target URL
-w - wordlist to try against the target
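To show what gobuster is actually doing with those options, here is an added example (not the author's code and not gobuster itself): a minimal directory brute-forcer in Python. It starts a throwaway HTTP server on loopback, constructed for the demo, that answers for only two paths, then probes every entry of a small in-memory wordlist the way gobuster probes each line of its -w file, keeping any path whose status code is not on the ignore list (404 by default). The server, the wordlist and the two "hidden" paths are all constructed for this illustration.

```python
"""Minimal directory brute-forcer in the spirit of `gobuster dir`.

Added example for this write-up: neither the author's code nor gobuster
itself. A throwaway loopback HTTP server (constructed for the demo) knows
about two paths; every word of a constructed wordlist is probed and any
path whose status is not on the ignore list is reported, like gobuster does.
"""
import http.server
import threading
import urllib.error
import urllib.request

# Constructed demo content: the only paths the fake server answers for.
HIDDEN_PATHS = {"/bank-transfer": 200, "/images": 301}

# Constructed stand-in for the file passed to gobuster's -w option.
DEMO_WORDLIST = ["admin", "bank-transfer", "images", "login", "backup"]


class _DemoHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        status = HIDDEN_PATHS.get(self.path.rstrip("/") or "/", 404)
        self.send_response(status)
        if status == 301:
            self.send_header("Location", self.path + "/")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo server quiet
        pass


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface a 301/302 as a result instead of following it, as gobuster does."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def start_demo_server():
    """Bind the fake site on an ephemeral loopback port; returns (server, base_url)."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    return server, f"http://{host}:{port}"


def probe(base_url, word, timeout=2.0):
    """One gobuster request: GET base_url/<word> and return the status code."""
    url = f"{base_url.rstrip('/')}/{word}"
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(urllib.request.Request(url), timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 404s and un-followed redirects both land here


def enumerate_dirs(base_url, wordlist, ignore=(404,)):
    """The gobuster loop: probe every word, keep those whose status is not ignored."""
    found = {}
    for word in wordlist:
        status = probe(base_url, word)
        if status not in ignore:
            found[word] = status
    return found


if __name__ == "__main__":
    server, base = start_demo_server()
    try:
        for path, status in enumerate_dirs(base, DEMO_WORDLIST).items():
            print(f"/{path} (Status: {status})")  # gobuster-like output line
    finally:
        server.shutdown()
```

Two details carry over to real runs: a redirect (301/302) is reported, not followed, because a redirecting path is still a path that exists, and the ignore list is how you tune out a site that returns a custom 200 page for everything (gobuster's -b / --exclude-length options serve the same purpose).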

We found a directory "bank-transfer". Let's navigate to it and see what it shows…

🤯🤯🤯 OMG, it's an admin portal to transfer money from one account to another.

It doesn't appear to have any additional protection: the page is reachable by anyone who guesses the path, with no authorization or access-control check and no MFA before money is moved. This is a critical-risk finding (OWASP Top 10: Broken Access Control).

As per the task, we need to transfer $2000 from A/C 2276 to A/C 8881. Let's see if we can complete the transaction.

I added the details and hit the Send Money button…

It's done 🤯🤯🤯🤯👨‍💻👨‍💻👨‍💻👨‍💻.

This vulnerability lets an attacker act with the privileges of the admin portal and perform unauthorized transactions from any account.
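To make the finding and its fix concrete, here is an added example (not the bank application's code and not TryHackMe's) contrasting a transfer handler that behaves like the hidden page with a hardened one. The account table, session store, request dicts and the login()/mark_mfa() helpers are constructed stand-ins for what a real web framework and identity provider would supply; the account numbers and the $2000 amount are the ones from the task.

```python
"""Vulnerable vs. hardened money-transfer handler (added example).

Not the bank application's code. The account table, session store, request
dicts and the login()/mark_mfa() helpers are constructed stand-ins for what a
real web framework and identity provider would provide.
"""
import hmac
import secrets

# Constructed demo state.
ACCOUNTS = {"2276": 5000, "8881": 100}   # account number -> balance
SESSIONS = {}                            # session token -> attributes


def reset_demo():
    ACCOUNTS.clear()
    ACCOUNTS.update({"2276": 5000, "8881": 100})
    SESSIONS.clear()


def login(user, role):
    """Constructed stand-in for real authentication; returns a session token."""
    token = secrets.token_hex(16)
    SESSIONS[token] = {"user": user, "role": role,
                       "csrf": secrets.token_hex(16), "mfa_verified": False}
    return token


def mark_mfa(token):
    """Constructed stand-in for a completed second-factor challenge."""
    SESSIONS[token]["mfa_verified"] = True


def _do_transfer(src, dst, amount):
    """Business logic shared by both handlers; only the gating differs."""
    if amount <= 0 or src not in ACCOUNTS or dst not in ACCOUNTS:
        return 400, "invalid transfer"
    if ACCOUNTS[src] < amount:
        return 400, "insufficient funds"
    ACCOUNTS[src] -= amount
    ACCOUNTS[dst] += amount
    return 200, "ok"


def vulnerable_transfer(request):
    """How the hidden page behaves: any caller, no check of who is asking."""
    form = request["form"]
    return _do_transfer(form["from"], form["to"], int(form["amount"]))


def hardened_transfer(request):
    """Same action, gated in the order the checks should run."""
    if request.get("method") != "POST":
        return 405, "method not allowed"      # no state change on GET
    session = SESSIONS.get(request.get("cookies", {}).get("session"))
    if session is None:
        return 401, "login required"          # authentication
    if session["role"] != "admin":
        return 403, "admin only"              # authorization / access control
    form = request["form"]
    if not hmac.compare_digest(form.get("csrf", ""), session["csrf"]):
        return 403, "bad csrf token"          # anti-CSRF on a state-changing POST
    if not session["mfa_verified"]:
        return 403, "mfa step-up required"    # second factor before moving money
    return _do_transfer(form["from"], form["to"], int(form["amount"]))
```

Hiding the path is not a control: the vulnerable handler has no way to tell the logged-in customer from an attacker who found the URL with a wordlist. The hardened version refuses the same request at the first failed gate, and the order matters: authenticate before you authorize, and only check CSRF and MFA once you know who is asking.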

Financial fraud is one of the strongest motivations behind the largest cyberattacks. A skilled security professional identifies such loopholes, works out how they can be exploited, and fixes them before an attacker finds them.

Explore more machines in the Offensive Security path and become a skilled security professional.

Thanks for reading :)
