I found myself looking at the web page of a local restaurant, one eye on the menu and another eye on the glaring insecure warning in the URL bar. The menu link was a direct link to a PDF. I removed the PDF from the link and was able to browse the contents of the uploads. A simple parent directory traversal brought me up as far as wp-content, which was obfuscated.
I went to the main page of this admittedly fancy looking site to see who had designed it. It was a local marketing company, so off to their website I went and I put in /wp-content/uploads and was able to perform the same action on their site. I was able to see upload as far back as 2016 with some of their customers.
So with that information I could have probably gone on to those sites and tried the same. There are simple programs you can run that will allow you to scan these types of sites using common lists for directories that are exposed to the world to see. I wonder what I’d find if I ran it against the restaurant or the marketing company site.
It’s only been a week into my journey of cyber security and it’s been an eye opener. There are tools there that make it pretty painless/brainless to perform hacks like these.
I have enjoyed focusing on the challenges on hackthebox.eu. Hopefully the web challenges will prepare me for some of the harder challenges on down the line. Tools I have used this week are sqlmap, dirb, nmap, burpsuite.
I’ve been watching a couple of the Ippsec videos on YouTube but I haven’t really taken notes. He presents the attacks in a really informative and engaging way that I think it’s worth watching each video twice. Once to enjoy the process, and then a second time to take notes. The forums at hackthebox are helpful in that they give wee pointers for the general direction to do in, if you’re stuck. Which I find myself in 51% of the time 😂
Already it’s been a couple of late nights and red eye mornings, but it’s been enjoyable.