OWASPLab

This lab introduces students to the concept of a CTF through the form of web vulnerabilities.

Most of the vulnerabilities come from the OWASP top 10. OWASP, which stands for Open Web Application Security Project, is an project dedicated to making the web more secure. There are 7 vulnerabilities in this lab based on the OWASP top 10. Furthermore vulnerabilities like the ones in this lab have all been found in major production websites at some point.

Setup

As seen in previous labs, this lab uses docker. The following steps will have the lab up and running in docker in no time.

1. In terminal/docker toolbox navigate to the directory containing tar .
2. Run the command docker load < lab4.tar to load the image into docker.
3. Run the command docker-compose up -d (note this must be run from the directory containing docker-compose.yml )
4. The lab should now be accessible from http://localhost:1337/

If you are unable to access the lab you may be running an older version of docker which runs in a VM with a separate IP. To get that ip run the command docker-machine ip and then connect to http://<ip here>:1337/.

When youre done the lab you will need to kill the docker containers. This can be done using: docker compose down . Note: This will wipe the database. If you dont want to wipe the

database you can use docker stop lab4_web lab4_db .

WARNING the following commands will remove everything you have in docker. Finally when youre done with everything you can use docker system prune -a followed by docker volume prune to completely wipe the docker environment. Alternatively you can

remove the images for the lab manually.

Questions

Each of the challenges in this lab have a flag associated with them. A flag is of the format flag{some_text_here}. The idea comes from the concept of a cyber security CTF in which participants hunt for vulnerabilities revealing flags. These vulnerabilities typically reflect real world security issues.

1

1. Register an account, you may need to use a SQL injection to help you out here. You will find a flag once your SQL injection is successful.
2. Create a link that redirects the user to when they log in. There is no flag for this challenge, just record the URL that you used.
3. Find a stored cross site scripting vulnerability, have an alert pop up on the dashboard page. Once successful a second alert will pop up with the flag.
4. A piece of information is exposed on the employee dashboard. Find this and a flag is with it.
5. Based on the piece of information exposed in question 4 are you able to find a file on the system which shouldnt be accessible?
6. So in question 5 youve found some data that shouldnt be there. See if you can figure out Freds password. This is another form of sensitive data exposure.
7. This one is optional and quite challenging! Find a way to change the admin accounts password, you wont be able to crack the hash there might be another way through the messaging system. After all his assistant does automatically read the

messages.

Report

For your report be sure to include screen shots of each of the flag you have found. Furthermore write a small description detailing how you were able to find that flag as well as a recommendation for the administrator on what could be done to prevent the vulnerability.

2