THM AOC2024 DAY 13: Tracking Down Vulnerabilities

Every December, TryHackMe's Advent of Cyber delivers 24 free daily cybersecurity challenges, offering hands-on scenarios that simulate real-world attacks and defenses. Designed for beginners and professionals alike, it's an exciting, gamified way to explore topics like threat hunting, penetration testing, cryptography, and more. This event is perfect for building skills, gaining practical experience, and spreading some cybersecurity cheer during the festive season!


Learning Objectives

  1. Learn about WebSockets and their vulnerabilities.
  2. Understand how WebSocket Message Manipulation can be exploited.

Tools Overview

  • Burp Suite: A versatile tool for intercepting and manipulating web traffic, including WebSocket communications. It allows testers to identify and exploit vulnerabilities in web applications.
  • WebSockets: A communication protocol that facilitates full-duplex communication between a client and server, enabling real-time updates. While efficient, they are susceptible to vulnerabilities if improperly secured.

Task Walkthrough

Overview
In today's task, Glitch and McSkidy explore vulnerabilities in a WebSocket-enabled web application. By intercepting and altering WebSocket messages, they uncover how attackers can exploit these gaps to manipulate data and track unauthorized users.


Steps

Task 1: Setting Up the Environment

  1. Start the virtual machine and AttackBox.
  2. Access the Reindeer Tracker application at http://MACHINE_IP.
  3. Configure Burp Suite on the AttackBox to intercept traffic. Ensure proxy settings are correctly enabled for capturing WebSocket communications.

Task 2: Intercepting and Manipulating WebSocket Traffic

  1. Open the Reindeer Tracker app and click the Track button to start tracking a user.
  2. Capture the WebSocket traffic in Burp Suite.
    • Navigate to Proxy > Intercept > Proxy Settings to ensure the proxy is active.
  3. Locate the intercepted WebSocket request containing the userId parameter.

Task 3: Exploiting WebSocket Message Manipulation

  1. Modify the userId value from 5 to 8 and forward the request back to the application.
  2. Refresh the community reports on the Reindeer Tracker app. Notice that the manipulated request now tracks user ID 8.
  3. This demonstrates how attackers can exploit WebSocket messages to track unauthorized users or manipulate application behavior.

Task 4: Further Manipulating WebSocket Messages

  1. Continue testing to determine if you can post messages using a different user ID.
  2. Leverage Burp Suite to intercept message traffic and modify parameters, such as changing the author of a post or injecting unauthorized content.
  3. Verify the changes in the application interface and confirm the vulnerability's impact.

Questions and Solutions

  • What is the value of Flag1?
    • Answer: THM{dude_where_is_my_car}
  • What is the value of Flag2?
    • Answer: THM{my_name_is_malware._mayor_malware}

Recap of Learning Objectives

1. Learn about WebSockets and their vulnerabilities
WebSockets provide real-time, bidirectional communication between a client and server, and are commonly used in applications like chat platforms and live data feeds. However, if not secured, they are vulnerable to message tampering, session hijacking, and denial-of-service (DoS) attacks. Understanding these risks is crucial for designing secure WebSocket implementations.

2. Understand how WebSocket Message Manipulation can be exploited
This task highlighted how attackers could intercept and alter WebSocket messages to manipulate application behavior. By changing parameters such as userId, attackers can track unauthorized users or inject malicious actions, emphasizing the need for strong authentication and validation mechanisms.
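
The server-side fix for the tampering shown in Tasks 3 and 4, as an added example (not code from the Reindeer Tracker application or the TryHackMe room): the handler takes identity from the session bound at the WebSocket handshake and treats the userId in the message only as a request to validate and authorize. The JSON message shape, the function names and the MAY_TRACK table are assumptions made for illustration.

```javascript
// Constructed data: user 5 is the logged-in user and may only track themselves.
const MAY_TRACK = new Map([[5, new Set([5])]]);

// Vulnerable pattern: whatever userId the message carries is acted on.
function trackVulnerable(session, raw) {
  return { ok: true, tracking: JSON.parse(raw).userId };
}

// Parse a frame; returns null unless it is a JSON object.
function parseMessage(raw) {
  try {
    const msg = JSON.parse(raw);
    return msg !== null && typeof msg === "object" && !Array.isArray(msg) ? msg : null;
  } catch {
    return null;
  }
}

// Hardened track handler: session identity decides what may be tracked.
function trackHardened(session, raw) {
  const msg = parseMessage(raw);
  if (!session || !Number.isInteger(session.userId)) return { ok: false, error: "unauthenticated" };
  if (!msg || !Number.isInteger(msg.userId)) return { ok: false, error: "invalid message" };
  const allowed = MAY_TRACK.get(session.userId) || new Set();
  if (!allowed.has(msg.userId)) {
    // A session asking for another user's ID is a tampering signal worth logging.
    return { ok: false, error: "forbidden", audit: `session ${session.userId} requested ${msg.userId}` };
  }
  return { ok: true, tracking: msg.userId };
}

// Hardened post handler: the author is stamped from the session, and any
// client-supplied userId or author field is ignored.
function postHardened(session, raw) {
  const msg = parseMessage(raw);
  if (!session || !Number.isInteger(session.userId)) return { ok: false, error: "unauthenticated" };
  if (!msg || typeof msg.text !== "string" || msg.text.length === 0 || msg.text.length > 500) {
    return { ok: false, error: "invalid message" };
  }
  return { ok: true, post: { author: session.userId, text: msg.text } };
}

// Constructed frames: the original message and the one edited in the proxy.
const session = { userId: 5 };
console.log(trackVulnerable(session, '{"userId":8}'));
console.log(trackHardened(session, '{"userId":8}'));
console.log(trackHardened(session, '{"userId":5}'));
console.log(postHardened(session, '{"userId":8,"text":"hello"}'));
```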
